Vulnerabilities4 min read
U-Office Force CVE-2026-3422 Enables Unauthenticated RCE
Critical insecure deserialization vulnerability in U-Office Force allows remote attackers to execute arbitrary code without authentication. CVSS 9.8, no patch available yet.
Marcus ChenMar 2, 2026