Insecure Deserialization Vulnerability in U-Office Force by e-Excellence
CVE-2026-3422

9.3CRITICAL

Key Information:

Vendor: E-excellence
Status: U-office Force
Vendor: CVE Published:; 2 March 2026

🔔 Create E-excellence Vulnerability Alert

What is CVE-2026-3422?

The U-Office Force application developed by e-Excellence is vulnerable to an Insecure Deserialization issue, enabling unauthorized remote attackers to execute arbitrary code on the server. This vulnerability arises when maliciously crafted serialized content is sent to the server, exploiting the application's handling of serialized data. As a result, attackers can potentially manipulate server behavior, leading to serious security breaches. Organizations using this product should review their security posture and apply the necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

U-Office Force 0 <= 29.50

References

https://www.twcert.org.tw/tw/cp-132-10742-45b13-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10743-9a952-2.html

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2026
Vulnerability Reserved
Mar 2, 2026

CVE-2026-3422 Data

JSON