CVE-2026-11460NVD

Vulnerability Summary

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notified on Aug 2025 and a disclosure deadline was set for 90 days. The maintainer acknowledged but postponed indefinitely citing time concerns. No patch is currently available and the disclosure deadline has expired.

Severity Level

HIGH(7.3)

Published Date

Jun 7, 2026

Last Modified

Jun 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.08%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://vuldb.com/vuln/369080
https://vuldb.com/vuln/369080/cti
https://vuldb.com/cve/CVE-2026-11460
https://vuldb.com/submit/814455
https://github.com/boostorg/serialization/issues/331
https://gist.github.com/TrebledJ/b7c872f869b5ed7cbd936f71f16c7d75

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11460NVD

Vulnerability Summary

External References