CVE-2026-11815
MEDIUM
Insecure Deserialization via MITM in Layer 7 Policy Manager
Title source: cna
Description
An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.
References (1)
Core References
Vendor Advisory vendor-advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37631
Scores
CVSS v4
5.3
EPSS
0.0029
EPSS Percentile
20.8%
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-502
Status
published
Products (1)
Broadcom/Layer 7 API Gateway
11.2.1
Published
Jun 10, 2026
Tracked Since
Jun 10, 2026