{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-11463", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-06-07T07:45:12.676Z", "datePublished": "2026-06-07T22:15:12.845Z", "dateUpdated": "2026-06-09T14:39:38.385Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-07T22:15:12.845Z"}, "title": "USCiLab Cereal Shared Pointer type confusion", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-843", "lang": "en", "description": "Type Confusion"}]}], "affected": [{"vendor": "USCiLab", "product": "Cereal", "versions": [{"version": "1.3.0", "status": "affected"}, {"version": "1.3.1", "status": "affected"}, {"version": "1.3.2", "status": "affected"}], "cpes": ["cpe:2.3:a:uscilab:cereal:*:*:*:*:*:*:*:*"], "modules": ["Shared Pointer Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-06-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-06-07T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-06-07T09:50:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "trebledj (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/369083", "name": "VDB-369083 | USCiLab Cereal Shared Pointer type confusion", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/369083/cti", "name": "VDB-369083 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-11463", "name": "CVE-2026-11463 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/814456", "name": "Submit #814456 | USCiLab cereal 1.3.2 CWE-1287, CWE-843 (Type Confusion)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/USCiLab/cereal/issues/870", "tags": ["issue-tracking"]}, {"url": "https://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0", "tags": ["exploit"]}, {"url": "https://github.com/USCiLab/cereal/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-09T14:39:29.398069Z", "id": "CVE-2026-11463", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T14:39:38.385Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-11463", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-09T14:39:29.398069Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T14:39:34.993Z"}}], "cna": {"title": "USCiLab Cereal Shared Pointer type confusion", "credits": [{"lang": "en", "type": "reporter", "value": "trebledj (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:uscilab:cereal:*:*:*:*:*:*:*:*"], "vendor": "USCiLab", "modules": ["Shared Pointer Handler"], "product": "Cereal", "versions": [{"status": "affected", "version": "1.3.0"}, {"status": "affected", "version": "1.3.1"}, {"status": "affected", "version": "1.3.2"}]}], "timeline": [{"lang": "en", "time": "2026-06-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-06-07T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-06-07T09:50:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/369083", "name": "VDB-369083 | USCiLab Cereal Shared Pointer type confusion", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/369083/cti", "name": "VDB-369083 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-11463", "name": "CVE-2026-11463 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/814456", "name": "Submit #814456 | USCiLab cereal 1.3.2 CWE-1287, CWE-843 (Type Confusion)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/USCiLab/cereal/issues/870", "tags": ["issue-tracking"]}, {"url": "https://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0", "tags": ["exploit"]}, {"url": "https://github.com/USCiLab/cereal/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "Type Confusion"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-07T22:15:12.845Z"}}}, "cveMetadata": {"cveId": "CVE-2026-11463", "state": "PUBLISHED", "dateUpdated": "2026-06-09T14:39:38.385Z", "dateReserved": "2026-06-07T07:45:12.676Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-07T22:15:12.845Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure."}], "id": "CVE-2026-11463", "lastModified": "2026-06-08T14:57:14.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-06-07T23:16:41.697", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0"}, {"source": "cna@vuldb.com", "url": "https://github.com/USCiLab/cereal/"}, {"source": "cna@vuldb.com", "url": "https://github.com/USCiLab/cereal/issues/870"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/cve/CVE-2026-11463"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/814456"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/369083"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/369083/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "cereal: USCiLab Cereal: Type confusion vulnerability in Shared Pointer Handler", "id": "2486148", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2486148"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-843", "details": ["A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.", "A security flaw has been identified in the USCiLab Cereal library that could affect the security and stability of applications utilizing it."], "mitigation": {"lang": "en:us", "value": "Since the vulnerability is triggered by processing malicious payloads, immediately restrict network access or input mechanisms that allow unauthenticated or untrusted sources to submit serialized data to the affected applications."}, "name": "CVE-2026-11463", "public_date": "2026-06-07T22:15:12Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-11463\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-11463\nhttps://gist.github.com/TrebledJ/0223c1fa3c3fd64e2c7047b8a4385ec0\nhttps://github.com/USCiLab/cereal/\nhttps://github.com/USCiLab/cereal/issues/870\nhttps://vuldb.com/cve/CVE-2026-11463\nhttps://vuldb.com/submit/814456\nhttps://vuldb.com/vuln/369083\nhttps://vuldb.com/vuln/369083/cti"], "statement": "This Important vulnerability in the `cereal` library's Shared Pointer Handler allows a remote attacker to trigger type confusion. The publicly disclosed exploit could lead to information disclosure, data integrity issues, or a denial of service, impacting systems that process untrusted serialized data using `cereal`.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.3.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.3.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.3.2"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Cereal", "source": "cna", "vendor": "USCiLab"}, "product": "cereal", "vendor": "uscilab"}], "created": "2026-06-08T04:00:06.335953+00:00", "updated": "2026-06-08T04:00:06.336006+00:00", "vendors": ["uscilab", "uscilab$PRODUCT$cereal"]}