Solaris ThemeREX Solaris Deserialization Vulnerability Exposes Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Solaris ThemeREX Solaris Deserialization Vulnerability Exposes Data

CVE-2026-22454

Summary

The Solaris theme management tool ThemeREX Solaris has a security weakness. If an attacker sends malicious data to the system, it could inject unauthorized objects, potentially causing unexpected behavior or even system compromise. Update to version 2.6 or later to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through <= 2.5.

Original description

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through <= 2.5.

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Theme/solaris/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026