PatchSiren

QOS.CH Sarl CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW QOS.CH Sarl CVE published 2026-06-01

CVE-2026-10532

A deserialization of untrusted data vulnerability exists in QOS.CH Sarl logback-core, specifically within the HardenedObjectInputStream module. An attacker with the ability to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer can instantiate Proxy objects. While deserialization is heavily restricted by HardenedObjectInputStream and no practical remote code execution or signific [truncated]