MEDIUM
TotalSuite
CVE published 2026-03-20
CVE-2026-0677
A deserialization of untrusted data vulnerability in TotalSuite TotalContest Lite allows PHP object injection. The vulnerability exists in versions up to and including 2.9.1. An attacker with low privileges can exploit this issue over the network without user interaction, potentially leading to limited impacts on confidentiality, integrity, and availability. The CVE was published on March 20, 2026, and la [truncated]