What the vulnerability does
01Description
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
CVE-2024-49147
CRITICAL
CVE-2024-49147: Microsoft Update Catalog Elevation of Privilege Vulnerability
CVSS base score
9.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C
Key dates
02Disclosure timeline
December 12, 2024
CVE published
June 9, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-31103
CVE-2026-9828 Logback deserialization whitelist bypass for java.lang and java.util
CVE-2025-1186 dayrui XunRuiCMS Api.php deserialization
CVE-2025-2566 Deserialization of Untrusted Data in Kaleris Navis N4
CVE-2025-67996 WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability
