LOW
changmingxie
CVE published 2026-05-25
CVE-2026-9497
A deserialization vulnerability exists in tcc-transaction versions up to 2.1.0, specifically within the Fastjson.parseObject function used by the Fastjson AutoType REST API component. The vulnerability allows remote attackers to trigger deserialization attacks. The CVSS 4.0 score of 2.1 reflects LOW severity with network attack vector, low attack complexity, and low impacts to confidentiality, integrity, [truncated]