CVE-2026-3422
CRITICALU-Office Force < 29.50 - Unauthenticated Remote Code Execution via Insecure Deserialization
Title source: llmDescription
U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://www.twcert.org.tw/tw/cp-132-10742-45b13-1.html
Various Sources third-party-advisory
https://www.twcert.org.tw/en/cp-139-10743-9a952-2.html
Scores
CVSS v3
9.8
EPSS
0.0076
EPSS Percentile
50.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (2)
edetw/u-office_force
29.50
edetw/u-office_force
< 29.50
Published
Mar 02, 2026
Tracked Since
Mar 02, 2026