Access of Resource Using Incompatible Type ('Type Confusion') Affecting cereal package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept
EPSS
0.31% (23rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-CEREAL-17660943
  • published28 Jun 2026
  • disclosed7 Jun 2026
  • credittrebledj

Introduced: 7 Jun 2026

CVE-2026-11463  (opens in a new tab)
CWE-843  (opens in a new tab)

How to fix?

There is no fixed version for cereal.

Overview

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') in the Shared Pointer Handler process. An attacker can access sensitive information, modify data, or cause a denial of service by submitting specially crafted serialized data to applications that process untrusted input.

Workaround

This vulnerability can be mitigated by restricting network access or input mechanisms that allow unauthenticated or untrusted sources to submit serialized data to affected applications.

CVSS Base Scores

version 4.0
version 3.1