CVE-2026-39550
8.1 HIGHDeserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection
Published: 2026-06-02 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 8.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-502
Description
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-12191 — A vulnerability was found in Comma AI Openpilot 0.11 (7.8 HIGH)
- CVE-2026-41699 — Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries (8.1 HIGH)
- CVE-2026-20251 — In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, Splunk Cloud Platform versions below 10.3.2512.12, 10.2.2510.14, ... (8.8 HIGH)
- CVE-2026-53435 — In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined i... (8.8 HIGH)
- CVE-2026-52751 — Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthe... (8.8 HIGH)