All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-10538
HIGHpublished 2026-07-01 08:16 UTC · 3 days ago · modified 2026-07-01 19:59 UTC
8.9
CVSS / 10
// description
Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker to trigger unintended server-side behavior through crafted serialized content.
// weaknesses (CWE)
- CWE-502