Insecure Deserialization

Insecure deserialization occurs when untrusted data is deserialized, enabling code execution or logic manipulation.

#appsec #cwe

Last updated: 2025-09-02T00:00:00.000Z

Evidence

CWE: CWE-502 (normative evidence), cwe.mitre.org

Mappings

CWE-502

More context

Avoid deserializing untrusted data and use safe formats; enforce integrity checks and type constraints.