ZDI 2026-04-15

ZDI-26-273: Microsoft Olive Deserialization of Untrusted Data Remote Code Execution Vulnerability

Machine-generated analysis · WAYSCloud LLM

The vulnerability requires user interaction, such as visiting a malicious page or opening a malicious file, to trigger remote code execution via deserialization of untrusted data.

Context

Microsoft Olive is affected by a deserialization of untrusted data vulnerability. This condition could allow remote code execution if exploited. The advisory notes that user interaction is necessary for exploitation. Worth noting is that the CVSS score is rated 7.8, indicating a medium to high severity impact.

Operator considerations

Log: Monitor for unusual activity following user access to web pages or files.

From Zero Day Initiative ↗

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Olive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.

Read the full advisory on ZDI →