Object Injection Vulnerability in Pimcore Open Source Management Platform
CVE-2026-45162
8HIGH
What is CVE-2026-45162?
Pimcore, an open-source data and experience management platform, has a vulnerability where multiple components incorrectly use PHP's unserialize() function on untrusted data sources. This oversight allows for potential object injection and remote code execution if an attacker can manipulate the serialized data. The vulnerable code is located in various files, including Authentication, CustomLayout, and Dashboard helpers. To address this issue, it is important for users to upgrade to the fixed versions (11.5.17 LTS and 12.3.7) to safeguard against these exploitation risks.
Affected Version(s)
pimcore < 11.5.17 < 11.5.17
pimcore >= 12.0.0, < 12.3.7 < 12.0.0, 12.3.7