← Browse CVEs
CVE-2024-40711
Critical · CVSS 9.8EPSS 88.2%CISA KEVCWE-502 · Deserialization of Untrusted Data
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).
NVD only has a brief summary for this one — the community fills in the real-world detail below.
References
Published
Community ground truth
Community verdict
2 verdictsNot a real issue
Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.
to add your verdict.
Community real-world severity: Critical (Critical 2) — CVSS base score 9.8
In line with its CVSS base score.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
- 0
Confirmed exploited in the wild — listed in the CISA KEV catalog (added 2024-10-17). Linked to known ransomware campaigns. Treat as real and prioritize patching over triage.