Deserialization in Qos.ch Sarl Logback
CVE-2026-9828
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serial…
Vulnerability class: Insecure Deserialization
EPSS: 0.001 (29.4th percentile) — read the EPSS interpretation.
Affected products
- Qos.ch Sarl Logback — versions 0, 1.5.33