Oinone Pamirs <=7.2.0 Remote Deserialization via JsonUtils.parseMap
CVE-2026-8735 Published on May 17, 2026
Oinone Pamirs appConfigQuery PamirsParserConfig.java JsonUtils.parseMap deserialization
A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the function JsonUtils.parseMap of the file PamirsParserConfig.java of the component appConfigQuery Interface. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2026-8735 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-8735
Want to know whenever a new CVE is published for Oinone Pamirs? stack.watch will email you.
Affected Versions
Oinone Pamirs:- Version 7.0 is affected.
- Version 7.1 is affected.
- Version 7.2.0 is affected.