CVE-2026-24815

Summary

Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java.

This issue affects tis: before v4.3.0.

Affected Software

VendorProductVersion RangeStatus
datavanetis0 < v4.3.0affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References