Back

OCaml Vulnerability CVE-2026-28364 Allows Remote Code Execution

Severity: High (Score: 63.7)

Sources: Windowsforum, Api.Msrc.Microsoft

Summary

A vulnerability tracked as CVE-2026-28364 affects OCaml versions prior to 4.14.3 and 5.x before 5.4.1, enabling remote code execution through a multi-phase attack chain. This issue arises from a buffer over-read in the Marshal deserialization process due to missing bounds validation in the readblock() function. Patches have been released to address this vulnerability.

Key Entities

  • Zero-day Exploit (attack_type)
  • CVE-2026-28364 (cve)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • OCaml (platform)
  • OCaml Marshal Vulnerability (vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed