CVE-2026-4860 | 648540858 wvp-GB28181-pro up to 2.7.4 API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization

A vulnerability described as critical has been identified in 648540858 wvp-GB28181-pro up to 2.7.4. This affects the function GenericFastJsonRedisSerializer of the file src/main/java/com/genersoft/iot/vmp/conf/redis/RedisTemplateConfig.java of the component API Endpoint. The manipulation results in deserialization.

This vulnerability is known as CVE-2026-4860. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4860 | 648540858 wvp-GB28181-pro up to 2.7.4 API Endpoint RedisTemplateConfig.java GenericFastJsonRedisSerializer deserialization

Post correlati

CVE-2024-48916 | Ceph RadosGW encryption algorithm improper authentication

CVE-2024-41678 | GLPI up to 10.0.16 cross site scripting (GHSA-xwmx-mmrf-hqf9)

CVE-2025-4220 | Xavins List Subpages Plugin up to 1.3 on WordPress Shortcode xls cross site scripting

CVE-2025-54543 | OpenSolution QuickCMS 6.8 Page Editor sDescriptionMeta cross site scripting