CVE Catalog

CVE-2026-1286

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity, and potential remote code execution on a workstation when an admin authenticated user opens a malicious project file.

Risk Assessment

This vulnerability poses a serious security threat to the organization, allowing attackers to gain access to sensitive systems and data.

Recommendation

It is recommended that administrators avoid opening unknown or suspicious project files and implement appropriate security measures to minimize risk.

Original NVD description (English source)

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS