HIGH
SMSGate
CVE published 2026-05-28
CVE-2026-37579
A deserialization vulnerability in SMSGate sms-core versions 2.1.13.6 and earlier allows remote code execution through the Cmpp7FDeliverRequestMessageCodec.java component. The vulnerability was disclosed on May 28, 2026, with a proof-of-concept reference published to GitHub. No CVSS score or severity rating has been assigned by NVD at this time. The affected vendor and product details remain under review [truncated]