CVE-2026-9497
Fastjson Deserialization Flaw in TCC-Transaction
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| changmingxie | tcc-transaction | to 2.1.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw found in the changmingxie tcc-transaction software up to version 2.1.0. It affects the Fastjson.parseObject function of the Fastjson AutoType REST API component. The flaw allows an attacker to manipulate the deserialization process remotely, potentially leading to unintended behavior or exploitation.
How can this vulnerability impact me? :
The vulnerability allows remote attackers to manipulate the deserialization process, which can lead to security risks such as unauthorized code execution, data corruption, or other malicious actions depending on how the deserialization is handled within the application.