TopVuln

High-risk vulnerability digests

CVE-2025-60237

  • CRITICAL

Details

CVSS v3: 9.8
NVD published: 2026-03-19 09:16:16
Affected versions: Finag <= 1.5.0

Summary: This is a critical unauthenticated deserialization vulnerability in Themeton Finag that enables object injection. All versions of Finag up to and including 1.5.0 are affected by this flaw. It has a 9.8 CVSS v3 score, placing it in the highest severity category.

Remediation: Update to the latest patched version of Themeton Finag as soon as a security fix is available. Block public access to vulnerable Finag instances until remediation is completed. Regularly scan systems for signs of unauthorized activity related to this vulnerability.

Exploit info: No public exploit found yet.
