#deserialization
5 stories taggeddeserialization.

CISA Flags SharePoint Deserialization Bug CVE-2026-45659 as Actively Exploited
The RCE flaw joins KEV with a three-week federal patch deadline. Attribution details remain thin.

Active Exploitation Hits PTC Windchill as Attackers Drop Web Shells on PLM Systems
A critical deserialization flaw in software used by Boeing, Lockheed Martin, and BMW is drawing threat actors toward some of the most sensitive intellectual property in global manufacturing.

Silent RCE in Hugging Face Transformers Hides Behind a Single Config Field
CVE-2026-4372 lets an attacker own any machine that loads a poisoned model — no warnings, no prompts, no trace. The trust_remote_code flag didn't help.

CISA Flags Magento Cache Extension Bug as Actively Exploited
CVE-2026-45247, an unsafe deserialization flaw in Mirasvit Cache Warmer, lands in KEV after in-the-wild abuse against Magento storefronts.

SharePoint's latest RCE bug hands attackers the keys with no extra paperwork
CVE-2026-45659 is a deserialization flaw that doesn't ask for much — and that's exactly why Microsoft is shipping fixes across every supported SharePoint Server build.