CVE-2026-25449

Awaiting Analysis
Published: 18 Mar 2026, 13:12
Last modified:18 Mar 2026, 13:20

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.8 CRITICAL
v3.1 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

18 Mar 2026, 13:12
Published
Vulnerability first disclosed
18 Mar 2026, 13:20
Last Modified
Vulnerability information updated

Description

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1.

CVSS Metrics

  • v3.1CRITICALScore: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Techniques & Countermeasures

  • CWE-502Deserialization of Untrusted Data

    The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Systems

  • shinethemetraveler

    ≥ n/a, < 3.2.8.1

References (1)