CVE-2026-1286
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk25th percentile - higher than 25% of all known CVEs
Summary
A deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity, and potential remote code execution on a workstation when an admin authenticated user opens a malicious project file.
Risk Assessment
This vulnerability poses a serious security threat to the organization, allowing attackers to gain access to sensitive systems and data.
Recommendation
It is recommended that administrators avoid opening unknown or suspicious project files and implement appropriate security measures to minimize risk.
Original NVD description (English source)
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file.

