Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-4r4v-3jc5-hrg9 | TCC-TRANSACTION has an Improper Input Validation vulnerability |
Tue, 26 May 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 25 May 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw has been found in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |
| Title | changmingxie tcc-transaction Fastjson AutoType REST API Fastjson.parseObject deserialization | |
| First Time appeared |
Changmingxie
Changmingxie tcc-transaction |
|
| Weaknesses | CWE-20 CWE-502 |
|
| CPEs | cpe:2.3:a:changmingxie:tcc-transaction:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Changmingxie
Changmingxie tcc-transaction |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-05-26T15:08:15.118Z
Reserved: 2026-05-25T09:37:31.224Z
Link: CVE-2026-9497
Updated: 2026-05-26T15:08:09.389Z
Status : Deferred
Published: 2026-05-25T20:16:38.137
Modified: 2026-06-17T11:05:22.513
Link: CVE-2026-9497
No data.
OpenCVE Enrichment
Updated: 2026-05-26T13:00:11Z
Github GHSA