CVE-2024-26289

9.8 CRITICAL

📋 TL;DR

CVE-2024-26289 is a critical deserialization vulnerability in PMB Services PMB that lets an unauthenticated remote attacker execute arbitrary code by sending crafted serialized data to the application. It affects PMB installations in the version ranges listed below and can compromise the whole host the application runs on. Organizations running an affected PMB version for library management are at risk.

💻 Affected Systems

Products:
  • PMB Services PMB
Versions: 7.3.1 before 7.3.18, 7.4.1 before 7.4.9, 7.5.1 before 7.5.6-2
Operating Systems: All platforms running PMB
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within affected version ranges are vulnerable regardless of configuration.

📦 What is this software?

PMB is a free, open-source integrated library system (ILS) from PMB Services, written in PHP and used by libraries to manage catalogues, loans and a public web OPAC (the opac_css front end referenced in the detection section below). Because the whole application runs inside the web server's PHP process, code execution in PMB means code execution as the web server user on that host.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with complete administrative control, data theft, lateral movement to other systems, and persistent backdoor installation.

🟠 Likely Case: Remote code execution leading to web server compromise, data exfiltration, and potential ransomware deployment.

🟢 If Mitigated: Network restriction limits who can reach the application, but any client that can still reach PMB can still exploit the flaw at the application level; only the patch removes it.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The public advisory includes technical details that could be weaponized. The 9.8 score reflects a flaw reachable over the network with low attack complexity, no privileges and no user interaction required, so exploitation does not depend on any foothold or victim action.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.5.6-2, 7.4.9, 7.3.18 or later

Vendor Advisory: https://forge.sigb.net/projects/pmb/files

Restart Required: Yes

Instructions:

1. Download the patched release for your branch (7.3.18, 7.4.9 or 7.5.6-2, or later) from the PMB forge.
2. Back up the current installation directory and the database.
3. Replace the application files with the patched version, keeping your local configuration.
4. Restart the web server and PHP-FPM so the PHP opcode cache does not keep serving the old code.
5. Confirm the new version number in the PMB administration interface.

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict access to the PMB web ports to trusted source addresses only. The ACCEPT rules must sit above the DROP rules (appending them in this order does that, but an earlier ACCEPT-all rule in INPUT would still win); mirror the rules with ip6tables if IPv6 is enabled, and persist them (iptables-save or your distribution's tooling) or they are lost at reboot.

TRUSTED_IP=203.0.113.10   # trusted address or CIDR, e.g. 203.0.113.0/24
iptables -A INPUT -p tcp --dport 80  -s "$TRUSTED_IP" -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s "$TRUSTED_IP" -j ACCEPT
iptables -A INPUT -p tcp --dport 80  -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Web Application Firewall

all

Deploy a WAF rule set that blocks or alerts on PHP serialized-object markers (O:<n>:"<class>":) in request parameters, including URL-encoded and base64-encoded forms. Treat this as a stopgap: signature rules can be bypassed, so it does not replace the patch.

🧯 If You Can't Patch

  • Isolate PMB system in separate network segment with strict egress filtering
  • Implement application-level monitoring for suspicious deserialization patterns

🔍 How to Verify

Check if Vulnerable:

Check the PMB version in the administration interface (authoritative), or by searching the installation directory for the version string if you only have shell access.

Check Version:

grep -rIi --include='*.php' 'version' /path/to/pmb/installation | grep -E '7\.[345]\.[0-9]+'

Verify Fix Applied:

Verify version number is 7.5.6-2, 7.4.9, 7.3.18 or later in PMB admin interface
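The version comparison above is easy to get wrong by hand because the 7.5 branch uses a build suffix (7.5.6-2) while the other two do not. The following script, an added example rather than code from PMB or PMB Services, classifies a version string against the three affected ranges stated on this page. It assumes versions look like X.Y.Z or X.Y.Z-N, and treats a missing -N suffix as build 0, i.e. older than any suffixed build of the same X.Y.Z (assumption); a version outside every listed range is reported as "not in an affected range", which is not the same as confirmed safe for branches the page does not mention.

```python
"""Classify a PMB version string against the CVE-2024-26289 affected ranges.

Added example, not code from PMB or PMB Services.  The ranges come from the
page: 7.3.1 before 7.3.18, 7.4.1 before 7.4.9, 7.5.1 before 7.5.6-2.
Assumption: PMB versions look like X.Y.Z or X.Y.Z-N (the "-N" build suffix
seen in 7.5.6-2); a version with no suffix is treated as build 0, i.e. older
than any "-N" build of the same X.Y.Z.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# (first vulnerable, first fixed) for each branch named on the page
AFFECTED_RANGES = (
    ("7.3.1", "7.3.18"),
    ("7.4.1", "7.4.9"),
    ("7.5.1", "7.5.6-2"),
)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-(\d+))?\s*$")


def parse_version(text: str) -> Version:
    """'7.5.6-2' -> (7, 5, 6, 2); '7.4.9' -> (7, 4, 9, 0)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised PMB version string: {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release of the branch the version falls in.

    None means the version is outside every affected range on the page:
    either already fixed, or a branch the page does not list, which must be
    checked against the vendor advisory rather than assumed safe.
    """
    v = parse_version(version)
    for low, fixed in AFFECTED_RANGES:
        # tuples compare lexicographically, so the build suffix is honoured
        if parse_version(low) <= v < parse_version(fixed):
            return fixed
    return None


def is_vulnerable(version: str) -> bool:
    """True when the version lies in [first vulnerable, first fixed) of a branch."""
    return fixed_version_for(version) is not None


def report(version: str) -> str:
    """One-line verdict suitable for a ticket or a scan result."""
    fixed = fixed_version_for(version)
    if fixed is None:
        return f"PMB {version}: not in an affected range for CVE-2024-26289"
    return f"PMB {version}: VULNERABLE to CVE-2024-26289, upgrade to {fixed} or later"


if __name__ == "__main__":
    for sample in ("7.3.17", "7.3.18", "7.4.8", "7.5.6-1", "7.5.6-2", "7.6.0"):
        print(report(sample))
```

Feed it the string shown in the admin interface or extracted by the grep above; anything it cannot parse raises rather than silently passing.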

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to PMB endpoints
  • Base64 encoded or serialized data in request logs
  • Unexpected process execution from web server user

Network Indicators:

  • HTTP requests containing serialized PHP objects
  • Outbound connections from PMB server to unknown destinations

SIEM Query:

source="pmb_access.log" AND (method="POST" AND uri="/pmb/opac_css/*" AND size>10000)

The size threshold is only a coarse proxy: a working serialized-object payload can be a few hundred bytes, so tune the threshold to the site's normal POST sizes and pair this query with inspection of request parameters for serialized-object markers (O:<n>:"<class>":), including encoded forms.
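Access logs do not carry POST bodies, so the parameter inspection has to run on what a WAF, reverse proxy or full-packet capture records. The script below is an added example for this section, not PMB code and not a vendor signature: it parses query strings and form bodies, then checks every parameter value raw, URL-decoded and base64-decoded for the O:<len>:"<Class>":<n>:{ marker of a serialized PHP object. The request records are constructed inline; the /pmb/opac_css/ path matches the SIEM query above, but the parameter names and the Evil_Obj class are illustrative and not PMB's real entry points or gadgets.

```python
"""Flag PHP-serialized-object payloads in captured PMB requests.

Added example for the detection section; not PMB code and not a vendor
signature.  A serialized PHP object starts with  O:<len>:"<Class>":<n>:{  and
attackers commonly hide it behind URL or base64 encoding, so every parameter
value is inspected raw, URL-decoded and base64-decoded.  The request records
below are constructed to resemble a WAF or reverse-proxy audit log; the
parameter names and class name are illustrative, not PMB's real entry points.
"""
import base64
import binascii
import re
from typing import Dict, Iterator, List, Tuple
from urllib.parse import parse_qsl, unquote_plus

PHP_OBJECT_RE = re.compile(r'O:\d+:"([A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{')
# standard or URL-safe base64 alphabet, long enough to be worth decoding
BASE64_RE = re.compile(r"^[A-Za-z0-9+/=_-]{16,}$")

# Constructed sample payload: one object with one property.  Nothing PMB-specific.
PAYLOAD = 'O:8:"Evil_Obj":1:{s:3:"cmd";s:2:"id";}'
PAYLOAD_URL = 'O%3A8%3A%22Evil_Obj%22%3A1%3A%7Bs%3A3%3A%22cmd%22%3Bs%3A2%3A%22id%22%3B%7D'
PAYLOAD_B64 = base64.urlsafe_b64encode(PAYLOAD.encode()).decode()

SAMPLE_REQUESTS: List[Dict[str, str]] = [
    {"method": "GET", "uri": "/pmb/opac_css/index.php?lvl=more_results&search=ansi", "body": ""},
    {"method": "POST", "uri": "/pmb/opac_css/index.php", "body": "lvl=x&data=" + PAYLOAD_URL},
    {"method": "POST", "uri": "/pmb/opac_css/index.php", "body": "lvl=x&data=" + PAYLOAD_B64},
    # double URL encoding: the parser undoes one layer, the detector the second
    {"method": "GET", "uri": "/pmb/opac_css/index.php?data=" + PAYLOAD_URL.replace("%", "%25"), "body": ""},
    # benign base64 ("hello world") must not fire
    {"method": "POST", "uri": "/pmb/opac_css/index.php", "body": "note=aGVsbG8gd29ybGQ="},
]


def _decodings(value: str) -> Iterator[Tuple[str, str]]:
    """Yield (encoding, text) for the value as parsed, URL-decoded and base64-decoded."""
    yield "raw", value
    decoded = unquote_plus(value)
    if decoded != value:
        yield "urldecoded", decoded
    # form parsing turns '+' into ' ', so restore it before treating as base64
    candidate = decoded.strip().replace(" ", "+")
    if BASE64_RE.match(candidate):
        candidate = candidate.replace("-", "+").replace("_", "/").rstrip("=")
        candidate += "=" * (-len(candidate) % 4)  # re-add padding, tolerating stripped '='
        try:
            raw = base64.b64decode(candidate, validate=True)
        except (binascii.Error, ValueError):
            return
        yield "base64", raw.decode("utf-8", errors="replace")


def inspect_request(req: Dict[str, str]) -> List[Dict[str, str]]:
    """Return one finding per parameter that carries a serialized PHP object."""
    params: List[Tuple[str, str]] = []
    if "?" in req["uri"]:
        params += parse_qsl(req["uri"].split("?", 1)[1], keep_blank_values=True)
    params += parse_qsl(req.get("body", ""), keep_blank_values=True)
    findings = []
    for name, value in params:
        for encoding, text in _decodings(value):
            m = PHP_OBJECT_RE.search(text)
            if m:
                findings.append({"param": name, "encoding": encoding, "class": m.group(1)})
                break  # one finding per parameter is enough
    return findings


def scan(requests: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run inspect_request over a batch and tag each hit with its request index and path."""
    hits = []
    for index, req in enumerate(requests):
        for finding in inspect_request(req):
            hits.append({"request": index, "method": req["method"],
                         "path": req["uri"].split("?", 1)[0], **finding})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print(hit)
```

Run against real traffic, the class name in each hit is the first thing to triage: a class that is not part of PMB's own code base, or a request whose parameter should never carry an object at all, is a strong indicator. The marker regex is deliberately generic, so expect to tune it against the application's legitimate serialized traffic before alerting on every match.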

🔗 References