CVE-2026-10538
EUVD-2026-4092601.07.2026, 08:16
Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction of allowed object types in the out of support Control-M/Server and Control-M/Enterprise Manager versions 9.0.20.x and potentially earlier. This issue may allow an authenticated attacker to trigger unintended server-side behavior through crafted serialized content.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| bmc | control-m | 9.0.20 ≤ 𝑥 < 9.0.21 | CNA |
Common Weakness Enumeration