CVE-2026-8024
published 2026-06-18CVE-2026-8024: A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.55%
42.0th percentile
A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iba | ibadatcoordinator | >= 1.0.0 < 4.0.7 | 4.0.7 |
| iba | ibapda | >= 1.0.0 < 8.14.0 | 8.14.0 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
iba PDA/DatCoordinator up to 8.13.x deserialization (vde-2026-051 / EUVD-2026-37869)
vuldb·2026-06-18
CVE-2026-8024 iba PDA/DatCoordinator up to 8.13.x deserialization (vde-2026-051 / EUVD-2026-37869)
A vulnerability, which was classified as very critical, has been found in iba PDA and DatCoordinator up to 8.13.x. This impacts an unknown function. This manipulation causes deserialization.
This vulnerability is registered as CVE-2026-8024. Remote exploitation of the attack is possible. No exploit is available.
It is advisable to upgrade the affected component.
GHSA
A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.
ghsa_unreviewed·2026-06-18
CVE-2026-8024 [CRITICAL] CWE-502 A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.
A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access to the affected systems.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-18
Published