RCE in Opensolution Quick.cms
CVE-2026-11860
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization…
Vulnerability class: RCE (Remote Code Execution)
Affected products
- Opensolution Quick.cms — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)