Description
Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts.
Published: 2026-04-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an insecure deserialization flaw: an attacker who can supply crafted input to the StellarGroup HPX application may be able to execute arbitrary code. If the flaw is triggered, the attacker can undermine the confidentiality, integrity, and availability of the affected system, resulting in a full compromise of the environment running the vulnerable component. The description indicates that the issue surfaces under certain conditions, but the specific prerequisites for exploitation are not detailed in the available data.

Affected Systems

StellarGroup HPX version 1.11.0 is the only documented affected product. No additional vendors, product lines or patch versions are listed, so the scope is limited to that single component.

Risk and Exploitability

The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score is not disclosed, though the presence of arbitrary code execution implies a high severity rating. Based on the description, it is inferred that exploitation may be achieved remotely by supplying malicious data to the deserialization routine, although the exact attack vector is not specified. The risk to any system running the affected version is significant, especially if it is exposed to untrusted networks or users.

Generated by OpenCVE AI on April 28, 2026 at 19:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch for HPX 1.11.0 as soon as it becomes available.
  • If a patch is not yet released, disable or restrict the feature that accepts untrusted deserialization input.
  • Implement strict input validation to ensure only properly formed, trusted data is processed.
  • Monitor logs for anomalous deserialization activity and block suspicious payloads.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Stellargroup; Stellargroup hpx |
| Vendors & Products | | Stellargroup; Stellargroup hpx |

Tue, 28 Apr 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Insecure Deserialization Allows Arbitrary Code Execution in StellarGroup HPX 1.11.0 |
| Weaknesses | | CWE-502 |

Tue, 28 Apr 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T15:16:37.966Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-60889

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-28T16:16:05.763

Modified: 2026-04-28T20:23:20.703

Link: CVE-2025-60889

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T10:11:06Z

Weaknesses