A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notified on Aug 2025 and a disclosure deadline was set for 90 days. The maintainer acknowledged but postponed indefinitely citing time concerns. No patch is currently available and the disclosure deadline has expired.
PUBLISHED5.2ApplicationCWE-1287CWE-20
Boost Serialization improper validation of specified type of input
Problem type
Affected products
Boost
Serialization
1.0 - AFFECTED
1.1 - AFFECTED
1.2 - AFFECTED
1.3 - AFFECTED
1.4 - AFFECTED
1.5 - AFFECTED
1.6 - AFFECTED
1.7 - AFFECTED
1.8 - AFFECTED
1.9 - AFFECTED
1.10 - AFFECTED
1.11 - AFFECTED
1.12 - AFFECTED
1.13 - AFFECTED
1.14 - AFFECTED
1.15 - AFFECTED
1.16 - AFFECTED
1.17 - AFFECTED
1.18 - AFFECTED
1.19 - AFFECTED
1.20 - AFFECTED
1.21 - AFFECTED
1.22 - AFFECTED
1.23 - AFFECTED
1.24 - AFFECTED
1.25 - AFFECTED
1.26 - AFFECTED
1.27 - AFFECTED
1.28 - AFFECTED
1.29 - AFFECTED
1.30 - AFFECTED
1.31 - AFFECTED
1.32 - AFFECTED
1.33 - AFFECTED
1.34 - AFFECTED
1.35 - AFFECTED
1.36 - AFFECTED
1.37 - AFFECTED
1.38 - AFFECTED
1.39 - AFFECTED
1.40 - AFFECTED
1.41 - AFFECTED
1.42 - AFFECTED
1.43 - AFFECTED
1.44 - AFFECTED
1.45 - AFFECTED
1.46 - AFFECTED
1.47 - AFFECTED
1.48 - AFFECTED
1.49 - AFFECTED
1.50 - AFFECTED
1.51 - AFFECTED
1.52 - AFFECTED
1.53 - AFFECTED
1.54 - AFFECTED
1.55 - AFFECTED
1.56 - AFFECTED
1.57 - AFFECTED
1.58 - AFFECTED
1.59 - AFFECTED
1.60 - AFFECTED
1.61 - AFFECTED
1.62 - AFFECTED
1.63 - AFFECTED
1.64 - AFFECTED
1.65 - AFFECTED
1.66 - AFFECTED
1.67 - AFFECTED
1.68 - AFFECTED
1.69 - AFFECTED
1.70 - AFFECTED
1.71 - AFFECTED
1.72 - AFFECTED
1.73 - AFFECTED
1.74 - AFFECTED
1.75 - AFFECTED
1.76 - AFFECTED
1.77 - AFFECTED
1.78 - AFFECTED
1.79 - AFFECTED
1.80 - AFFECTED
1.81 - AFFECTED
1.82 - AFFECTED
1.83 - AFFECTED
1.84 - AFFECTED
1.85 - AFFECTED
1.86 - AFFECTED
1.87 - AFFECTED
1.88 - AFFECTED
1.89 - AFFECTED
1.90 - AFFECTED
1.91 - AFFECTED
References
VDB-369080 | Boost Serialization improper validation of specified type of input
https://vuldb.com/vuln/369080
VDB-369080 | CTI Indicators (IOB, IOC)
https://vuldb.com/vuln/369080/cti
CVE-2026-11460 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11460
Submit #814455 | boostorg boost serialization 1.91 CWE-1287, CWE-843 (Type Confusion)
https://vuldb.com/submit/814455
github.com
https://github.com/boostorg/serialization/issues/331
gist.github.com
https://gist.github.com/TrebledJ/b7c872f869b5ed7cbd936f71f16c7d75
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11460Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11460",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-07T19:30:10.324Z",
"dateReserved": "2026-06-07T07:25:46.611Z",
"datePublished": "2026-06-07T19:30:10.324Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-07T19:30:10.324Z"
},
"title": "Boost Serialization improper validation of specified type of input",
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notified on Aug 2025 and a disclosure deadline was set for 90 days. The maintainer acknowledged but postponed indefinitely citing time concerns. No patch is currently available and the disclosure deadline has expired."
}
],
"affected": [
{
"vendor": "Boost",
"product": "Serialization",
"cpes": [
"cpe:2.3:a:boost:serialization:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0",
"status": "affected"
},
{
"version": "1.1",
"status": "affected"
},
{
"version": "1.2",
"status": "affected"
},
{
"version": "1.3",
"status": "affected"
},
{
"version": "1.4",
"status": "affected"
},
{
"version": "1.5",
"status": "affected"
},
{
"version": "1.6",
"status": "affected"
},
{
"version": "1.7",
"status": "affected"
},
{
"version": "1.8",
"status": "affected"
},
{
"version": "1.9",
"status": "affected"
},
{
"version": "1.10",
"status": "affected"
},
{
"version": "1.11",
"status": "affected"
},
{
"version": "1.12",
"status": "affected"
},
{
"version": "1.13",
"status": "affected"
},
{
"version": "1.14",
"status": "affected"
},
{
"version": "1.15",
"status": "affected"
},
{
"version": "1.16",
"status": "affected"
},
{
"version": "1.17",
"status": "affected"
},
{
"version": "1.18",
"status": "affected"
},
{
"version": "1.19",
"status": "affected"
},
{
"version": "1.20",
"status": "affected"
},
{
"version": "1.21",
"status": "affected"
},
{
"version": "1.22",
"status": "affected"
},
{
"version": "1.23",
"status": "affected"
},
{
"version": "1.24",
"status": "affected"
},
{
"version": "1.25",
"status": "affected"
},
{
"version": "1.26",
"status": "affected"
},
{
"version": "1.27",
"status": "affected"
},
{
"version": "1.28",
"status": "affected"
},
{
"version": "1.29",
"status": "affected"
},
{
"version": "1.30",
"status": "affected"
},
{
"version": "1.31",
"status": "affected"
},
{
"version": "1.32",
"status": "affected"
},
{
"version": "1.33",
"status": "affected"
},
{
"version": "1.34",
"status": "affected"
},
{
"version": "1.35",
"status": "affected"
},
{
"version": "1.36",
"status": "affected"
},
{
"version": "1.37",
"status": "affected"
},
{
"version": "1.38",
"status": "affected"
},
{
"version": "1.39",
"status": "affected"
},
{
"version": "1.40",
"status": "affected"
},
{
"version": "1.41",
"status": "affected"
},
{
"version": "1.42",
"status": "affected"
},
{
"version": "1.43",
"status": "affected"
},
{
"version": "1.44",
"status": "affected"
},
{
"version": "1.45",
"status": "affected"
},
{
"version": "1.46",
"status": "affected"
},
{
"version": "1.47",
"status": "affected"
},
{
"version": "1.48",
"status": "affected"
},
{
"version": "1.49",
"status": "affected"
},
{
"version": "1.50",
"status": "affected"
},
{
"version": "1.51",
"status": "affected"
},
{
"version": "1.52",
"status": "affected"
},
{
"version": "1.53",
"status": "affected"
},
{
"version": "1.54",
"status": "affected"
},
{
"version": "1.55",
"status": "affected"
},
{
"version": "1.56",
"status": "affected"
},
{
"version": "1.57",
"status": "affected"
},
{
"version": "1.58",
"status": "affected"
},
{
"version": "1.59",
"status": "affected"
},
{
"version": "1.60",
"status": "affected"
},
{
"version": "1.61",
"status": "affected"
},
{
"version": "1.62",
"status": "affected"
},
{
"version": "1.63",
"status": "affected"
},
{
"version": "1.64",
"status": "affected"
},
{
"version": "1.65",
"status": "affected"
},
{
"version": "1.66",
"status": "affected"
},
{
"version": "1.67",
"status": "affected"
},
{
"version": "1.68",
"status": "affected"
},
{
"version": "1.69",
"status": "affected"
},
{
"version": "1.70",
"status": "affected"
},
{
"version": "1.71",
"status": "affected"
},
{
"version": "1.72",
"status": "affected"
},
{
"version": "1.73",
"status": "affected"
},
{
"version": "1.74",
"status": "affected"
},
{
"version": "1.75",
"status": "affected"
},
{
"version": "1.76",
"status": "affected"
},
{
"version": "1.77",
"status": "affected"
},
{
"version": "1.78",
"status": "affected"
},
{
"version": "1.79",
"status": "affected"
},
{
"version": "1.80",
"status": "affected"
},
{
"version": "1.81",
"status": "affected"
},
{
"version": "1.82",
"status": "affected"
},
{
"version": "1.83",
"status": "affected"
},
{
"version": "1.84",
"status": "affected"
},
{
"version": "1.85",
"status": "affected"
},
{
"version": "1.86",
"status": "affected"
},
{
"version": "1.87",
"status": "affected"
},
{
"version": "1.88",
"status": "affected"
},
{
"version": "1.89",
"status": "affected"
},
{
"version": "1.90",
"status": "affected"
},
{
"version": "1.91",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Improper Validation of Specified Type of Input",
"cweId": "CWE-1287",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Improper Input Validation",
"cweId": "CWE-20",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/369080",
"name": "VDB-369080 | Boost Serialization improper validation of specified type of input",
"tags": [
"vdb-entry"
]
},
{
"url": "https://vuldb.com/vuln/369080/cti",
"name": "VDB-369080 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11460",
"name": "CVE-2026-11460 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/814455",
"name": "Submit #814455 | boostorg boost serialization 1.91 CWE-1287, CWE-843 (Type Confusion)",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/boostorg/serialization/issues/331",
"tags": [
"issue-tracking"
]
},
{
"url": "https://gist.github.com/TrebledJ/b7c872f869b5ed7cbd936f71f16c7d75",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 7.5
}
}
],
"timeline": [
{
"time": "2026-06-07T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-07T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-07T09:30:50.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "trebledj (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB CNA Team",
"type": "coordinator"
}
]
}
}
}