CVE-2026-0677
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection. This issue affects TotalContest Lite from n/a through 2.9.1.
Risk Assessment
Exploitation of this vulnerability may lead to unauthorized access to the system and potential takeover of the application. Organizations should be aware of the risks associated with object injection.
Recommendation
It is recommended to update to the latest version of TotalContest Lite to mitigate this vulnerability. A security audit of the application should also be conducted.
Original NVD description (English source)
Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1.

