CVE Catalog

CVE-2026-0677

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

6th percentile - higher than 6% of all known CVEs

Summary

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection. This issue affects TotalContest Lite from n/a through 2.9.1.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access to the system and potential takeover of the application. Organizations should be aware of the risks associated with object injection.

Recommendation

It is recommended to update to the latest version of TotalContest Lite to mitigate this vulnerability. A security audit of the application should also be conducted.

Original NVD description (English source)

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS