Home / Vulnerability Intelligence / CVE-2026-3422

CVE-2026-3422 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 2, 2026

e-Excellence U-Office Force - Insecure Deserialization

Published: March 2, 2026Updated: March 2, 2026Remote Exploitable

Overview

e-Excellence U-Office Force contains an insecure deserialization vulnerability caused by processing maliciously crafted serialized content, letting unauthenticated remote attackers execute arbitrary code on the server, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 40.4%(Probability of exploitation in next 30 days)

Impact

Unauthenticated remote attackers can execute arbitrary code on the server, potentially leading to full system compromise.

Mitigation

Update to the latest version.

References

Social Media Activity(2 posts)

Offensive Sequence

@offseq

Mar 2, 2026

🚨 CRITICAL: CVE-2026-3422 in e-Excellence U-Office Force enables unauthenticated remote code execution via insecure deserialization (CWE-502). No patch — restrict access, monitor traffic, use WAF/RASP. https://radar.offseq.com/threat/cve-2026-3422-cwe-502-deserialization-of-untrusted-c53bebca #OffSeq #Vulnerability #Infosec #CVE20263422

View original post

TheHackerWire

@thehackerwire

Mar 2, 2026

🔴 CVE-2026-3422 - Critical (9.8) U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized content. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3422/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3422
Severity: Critical
CVSS Score: 9.8
Type: insecure_deserialization
Status: unconfirmed
EPSS: 40.4%
Social Posts: 2

CWE

CWE-502

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

40.4%Probability of exploitation in the next 30 days