Cyber Resilience

CVE-2026-11463

Low

Published: 07 June 2026

Published
07 June 2026
Modified
08 June 2026
KEV Added
Patch
CVSS Score v4 2.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0031 22.9th percentile
Risk Priority 6 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-11463 is a low-severity Type Confusion (CWE-843) vulnerability. Its CVSS base score is 2.9 (Low).

Operationally, ranked at the 22.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack can be launched remotely. The exploit has been publicly…

more

disclosed and may be utilized. The vendor was contacted early about this disclosure.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References