Description
A deserialization of untrusted data vulnerability was found in ManageIQ. The YamlLoadAliases module overrides YAML.safe_load to silently fall back to YAML.unsafe_load in production when a Psych::DisallowedClass error occurs. An authenticated attacker with dialog import access can exploit this to achieve remote code execution by uploading a crafted YAML payload that triggers the fallback and deserializes arbitrary Ruby objects.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 09 Jun 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Manageiq
Manageiq manageiq |
|
| Vendors & Products |
Manageiq
Manageiq manageiq |
Tue, 09 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A deserialization of untrusted data vulnerability was found in ManageIQ. The YamlLoadAliases module overrides YAML.safe_load to silently fall back to YAML.unsafe_load in production when a Psych::DisallowedClass error occurs. An authenticated attacker with dialog import access can exploit this to achieve remote code execution by uploading a crafted YAML payload that triggers the fallback and deserializes arbitrary Ruby objects. | |
| Title | manageiq: YAML safe_load production fallback to unsafe_load enables RCE via deserialization | |
| Weaknesses | CWE-502 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-09T14:30:07Z
Weaknesses