{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24815", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:48:56.893Z", "datePublished": "2026-01-27T08:51:58.830Z", "dateUpdated": "2026-01-27T20:41:20.316Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/datavane/tis", "defaultStatus": "unaffected", "modules": ["tis-plugin/src/main/java/com/qlangtech/tis/extension/impl"], "product": "tis", "programFiles": ["XmlFile.java"], "vendor": "datavane", "versions": [{"lessThan": "v4.3.0", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules).<p> This vulnerability is associated with program files <tt>XmlFile.Java</tt>.</p><p>This issue affects tis: before v4.3.0.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java.\n\nThis issue affects tis: before v4.3.0."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:51:58.830Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/datavane/tis/pull/443"}], "source": {"discovery": "UNKNOWN"}, "title": "A XStream Security Vulnerability in XML Deserialization in datavane/tis", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T20:41:09.513226Z", "id": "CVE-2026-24815", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:41:20.316Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24815", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-27T20:41:09.513226Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:41:16.316Z"}}], "cna": {"title": "A XStream Security Vulnerability in XML Deserialization in datavane/tis", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "USER", "baseScore": 10, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "datavane", "modules": ["tis-plugin/src/main/java/com/qlangtech/tis/extension/impl"], "product": "tis", "versions": [{"status": "affected", "version": "0", "lessThan": "v4.3.0", "versionType": "git"}], "programFiles": ["XmlFile.java"], "collectionURL": "https://github.com/datavane/tis", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/datavane/tis/pull/443", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java.\n\nThis issue affects tis: before v4.3.0.", "supportingMedia": [{"type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules).<p> This vulnerability is associated with program files <tt>XmlFile.Java</tt>.</p><p>This issue affects tis: before v4.3.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:51:58.830Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24815", "state": "PUBLISHED", "dateUpdated": "2026-01-27T20:41:20.316Z", "dateReserved": "2026-01-27T08:48:56.893Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:51:58.830Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java.\n\nThis issue affects tis: before v4.3.0."}, {"lang": "es", "value": "Vulnerabilidad de carga sin restricciones de archivo con tipo peligroso, deserializaci\u00f3n de datos no confiables en datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl m\u00f3dulos). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa XmlFile.Java.\n\nEste problema afecta a tis: antes de la v4.3.0."}], "id": "CVE-2026-24815", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "PRESENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:51.967", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/datavane/tis/pull/443"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}, {"lang": "en", "value": "CWE-502"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T02:21:49.305566+00:00", "value": {"mitigation_remediation": ["Upgrade TIS to version 4.3.0 or later where the upload handler validates file types and fixes XStream deserialization.", "If an upgrade is not immediately feasible, disable or remove the public XML upload feature to prevent attackers from submitting files.", "Restrict the server\u2011side file upload path to only allow safe, non\u2011executable file types and enforce strict MIME type checks.", "Implement application\u2011level input validation to reject any files that do not conform to the allowed types and confirm file extensions match the content."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the TIS platform (datavane:tis). Versions prior to 4.3.0 contain the issue in the tis\u2011plugin module, specifically the XmlFile class in tis-plugin/src/main/java/com/qlangtech/tis/extension/impl. No other versions are known to be affected. Vulnerable implementations must be upgraded to 4.3.0 or later.", "description_and_impact": "The vulnerability arises when the TIS platform accepts XML files from users and deserializes them using XStream without validating the content or file type. An attacker can supply a crafted XML document that contains a reference to a dangerous file type, and when the platform deserializes it, arbitrary bytecode can be executed. This flaw enables remote code execution, allowing an attacker to run code on the server, potentially taking full control. The weakness is categorized under Unrestricted Upload of File with Dangerous Type (CWE\u2011434) and Deserialization of Untrusted Data (CWE\u2011502).", "risk_and_exploitability": "The CVSS score of 10 indicates a critical severity. The EPSS score of less than 1\u202f% suggests that, although the flaw is severe, some analyst estimates the current exploitation likelihood is low; however, the presence of this flaw in a widely used system warrants concern. The flaw was not catalogued in the CISA KEV list, implying no public exploitation reports have been reported. Attackers can likely exploit the vulnerability remotely by uploading a malicious XML file to the public upload endpoint of the TIS service, assuming no authentication or weak authentication is in place. If authentication is required, the attacker would need to compromise valid credentials first. The flaw is a perfect candidate for remote code execution once the deserialization occurs."}}}}, "created": "2026-01-27T20:17:12.412340+00:00", "updated": "2026-04-18T02:30:15.862108+00:00", "vendors": ["datavane", "datavane$PRODUCT$tis"]}