
GHSA-9M65-766C-R333: Type Confusion in Seroval Leading to Unintended Function Execution in TanStack Start

DEV Community·CVE Reports·19 days ago

Vulnerability ID: GHSA-9M65-766C-R333
CVSS Score: 7.1
Published: 2026-05-14

A type confusion vulnerability in the seroval deserialization library (CWE-843) exposes TanStack Start server functions to unintended sibling function invocation. Upstream, this flaw can lead to remote code execution (CVE-2026-23737).

TL;DR

TanStack Start is vulnerable to deserialization type confusion via the seroval library. Attackers can craft JSON payloads to silently trigger unintended server functions, bypassing request-level middleware and audit logs.…
