CVE-2026-11815
Awaiting Analysis Awaiting Analysis - Queue

Deserialization Flaw in API Gateway Server

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: Symantec Corporation

Description
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-10
Last Modified
2026-06-10
Generated
2026-06-30
AI Q&A
2026-06-10
EPSS Evaluated
2026-06-29
NVD
CVE-2026-11815
EUVD
EUVD-2026-35992

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when an attacker intercepts and tampers with the traffic between a client application and the API Gateway server. By doing so, the attacker could potentially cause the system to deserialize arbitrary objects.

Deserialization of arbitrary objects can lead to broken security expectations or even remote code execution, meaning the attacker might be able to run malicious code on the server.

Impact Analysis

The impact of this vulnerability includes the possibility of an attacker executing remote code on the API Gateway server by exploiting the deserialization flaw.

This could compromise the security of the system, potentially leading to unauthorized access, data breaches, or disruption of services.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart