Home

Description

A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.

PUBLISHED Reserved 2026-05-06 | Published 2026-06-18 | Updated 2026-06-18 | Assigner CERTVDE




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status
unaffected

1.0.0 (semver) before 8.14.0
affected

Default status
unaffected

1.0.0 (semver) before 4.0.7
affected

Credits

Security Researchers from tenable reporter

References

iba.csaf-tp.certvde.com/...csaf/white/2026/vde-2026-051.json vendor-advisory

certvde.com/en/advisories/VDE-2026-051 third-party-advisory

cve.org (CVE-2026-8024)

nvd.nist.gov (CVE-2026-8024)

Download JSON