CVE-2026-11815
Received Received - Intake
Deserialization Flaw in API Gateway Server

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Symantec Corporation

Description
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-10
AI Q&A
2026-06-10
EPSS Evaluated
N/A
NVD
CVE-2026-11815
EUVD
EUVD-2026-35992
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs when an attacker intercepts and tampers with the traffic between a client application and the API Gateway server. By doing so, the attacker could potentially cause the system to deserialize arbitrary objects.

Deserialization of arbitrary objects can lead to broken security expectations or even remote code execution, meaning the attacker might be able to run malicious code on the server.

Impact Analysis

The impact of this vulnerability includes the possibility of an attacker executing remote code on the API Gateway server by exploiting the deserialization flaw.

This could compromise the security of the system, potentially leading to unauthorized access, data breaches, or disruption of services.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart