Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Liferay Portal Deserialization Vulnerability Leading to Remote Code Execution

Vulnerability

Liferay Portal versions prior to 7.2.1 CE GA2 contain a deserialization vulnerability that leads to remote code execution. The JSON web services interface (served under `/api/jsonws`) deserializes attacker-controlled data without adequate validation, so a crafted request can cause the server to instantiate attacker-chosen classes and execute arbitrary code.

Impact

Successful exploitation gives a remote attacker arbitrary code execution on the server. The code runs in the security context of the account under which the Liferay Portal process runs, so the attacker inherits whatever that account can read, write, and reach on the network.

Reproduction

The vulnerability is reproduced by sending a crafted JSON object to the JSON web services interface; when the server deserializes it, attacker-supplied code is executed. A public Metasploit module automates the process: it uploads a malicious Java class to the target and then triggers its execution on the server.

Remediation

Upgrade to Liferay Portal 7.2.1 CE GA2 or later. Because exploitation is ongoing, internet-exposed instances should be upgraded first, and instances that cannot be upgraded immediately should have the JSON web services interface restricted to trusted networks.
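A quick way to triage a fleet against the fixed release is to compare each instance's advertised version with 7.2.1 CE GA2. The following Python is an added example written for this page, not code from Liferay or from the advisory; it assumes the usual Liferay behaviour of announcing the build in a `Liferay-Portal` HTTP response header (an assumption, since the header can be suppressed or rewritten by a proxy), and it parses only Community Edition banners, returning "unknown" for anything else. The sample headers are constructed, not captured from real systems.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed release named in the advisory, as a comparable tuple: 7.2.1 CE GA2.
# Any CE build that sorts below this tuple is in the affected range.
FIXED_VERSION: Tuple[int, int, int, int] = (7, 2, 1, 2)

# Matches the version portion of a CE banner such as
# "Liferay Portal Community Edition 7.2.0 CE GA1 (Mueller / Build 7200)".
# Header format is an assumption; adjust if your deployment rewrites it.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\s+CE\s+GA(\d+)", re.IGNORECASE)


def parse_version(banner: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, ga) parsed from a Liferay CE banner,
    or None if the banner carries no recognisable CE version."""
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, patch, ga = (int(g) for g in match.groups())
    return (major, minor, patch, ga)


def is_vulnerable(banner: str) -> Optional[bool]:
    """True if the banner's CE version predates 7.2.1 CE GA2, False if it is
    at or after the fix, None when no CE version could be parsed (for example
    a DXP build, a suppressed header, or a non-Liferay server)."""
    found = parse_version(banner)
    if found is None:
        return None
    return found < FIXED_VERSION


# Constructed sample "Liferay-Portal" header values keyed by host (not real hosts).
SAMPLE_HEADERS: Dict[str, str] = {
    "portal-a.example": "Liferay Portal Community Edition 7.2.0 CE GA1 (Mueller / Build 7200)",
    "portal-b.example": "Liferay Portal Community Edition 7.1.3 CE GA4 (Judson / Build 7103)",
    "portal-c.example": "Liferay Portal Community Edition 7.2.1 CE GA2 (Mueller / Build 7201)",
    "portal-d.example": "Liferay Portal Community Edition 7.3.0 CE GA1 (Athanasius / Build 7300)",
    "proxy-e.example": "Apache-Coyote/1.1",  # header stripped or replaced by a proxy
}


def triage(headers: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'vulnerable', 'patched' or 'unknown' based on its banner.
    'unknown' hosts need a manual check rather than being treated as safe."""
    verdicts = {}
    for host, banner in headers.items():
        result = is_vulnerable(banner)
        if result is None:
            verdicts[host] = "unknown"
        else:
            verdicts[host] = "vulnerable" if result else "patched"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_HEADERS).items():
        print(f"{host:20} {verdict}")
```

Treat the header as a screening signal only: a missing or altered banner does not prove a host is safe, and a banner cannot be spoofed into a patch. Confirm version and patch level from the portal's own administration interface for anything reported as "unknown".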

Added: May 15, 2026, 1:02 PM
Updated: May 15, 2026, 1:02 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 10.0
exploitability: 9.2
remediation: 7.7
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.