CVE-2026-11460

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notified on Aug 2025 and a disclosure deadline was set for 90 days. The maintainer acknowledged but postponed indefinitely citing time concerns. No patch is currently available and the disclosure deadline has expired.

Vulnerability Details

Published Date

June 07, 2026

Last Modified

June 07, 2026

CWE ID

CWE-20

Source

NVD

Vendor

Boost

Product

Serialization

External References

https://gist.github.com/TrebledJ/b7c872f869b5ed7cbd936f71f16c7d75
https://github.com/boostorg/serialization/issues/331
https://vuldb.com/cve/CVE-2026-11460
https://vuldb.com/submit/814455
https://vuldb.com/vuln/369080
https://vuldb.com/vuln/369080/cti

CVE-2026-11460

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment