What the vulnerability does
01Description
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
CVSS base score
—
Key dates
02Disclosure timeline
March 7, 2024
CVE published
August 22, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-14920 Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2026-33439 Pre-Authentication Remote Code Execution via `jato.clientSession` Deserialization in OpenAM
CVE-2026-5127 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection
CVE-2025-59050 Greenshot — Insecure .NET deserialization via WM_COPYDATA enables local code execution
CVE-2021-21863
