CVE-2026-11860 — Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject mali — CVE Database · The Intelligence Room