Description
A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.
Published: 2026-06-18
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a deserialization of untrusted data vulnerability (CWE-502) that allows a remote, unauthenticated attacker to send crafted payloads that are processed by the ibaPDA or ibaDatCoordinator applications, resulting in execution of arbitrary code and full control over the affected system.

Affected Systems

All versions of the iba Data Coordinator and ibaPDA products from the vendor iba are affected. No specific version range is listed; assume all current releases remain vulnerable until an official fix is released or the affected functionality is disabled.

Risk and Exploitability

The CVSS score of 9.3 signifies a critical risk. The flaw can be exploited without authentication over the network. EPSS data is unavailable and the vulnerability is not listed in CISA KEV, but the nature of the flaw suggests that automated tools could target it. Until an official patch is issued, the risk remains high, and operators should implement controls to reduce exposure.

Generated by OpenCVE AI on June 18, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable the deserialization functionality or related endpoints in ibaPDA and ibaDatCoordinator if the vendor offers an option to turn them off
  • Restrict network access to the vulnerable services by configuring firewalls or ACLs to allow only trusted IP ranges, reducing the attack surface
  • Implement vigilant logging and monitoring of deserialization attempts, and isolate or shut down the affected components immediately if suspicious activity is detected
  • Apply the vendor’s official patch or update when it becomes available, ensuring the fix addresses the unsafe deserialization routine

Generated by OpenCVE AI on June 18, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 20 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.
Title Deserialization vulnerability in ibaPDA and ibaDatCoordinator
First Time appeared Iba
Iba ibadatcoordinator
Iba ibapda
Weaknesses CWE-502
CPEs cpe:2.3:a:iba:ibadatcoordinator:*:*:*:*:*:*:*:*
cpe:2.3:a:iba:ibapda:*:*:*:*:*:*:*:*
Vendors & Products Iba
Iba ibadatcoordinator
Iba ibapda
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Iba Ibadatcoordinator Ibapda
cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-06-18T13:53:21.412Z

Reserved: 2026-05-06T06:31:06.618Z

Link: CVE-2026-8024

cve-icon Vulnrichment

Updated: 2026-06-18T13:20:56.730Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:56:22Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data