A vulnerability classified as critical was found in fraillt bitsery up to 5.2.4 . Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h . Such manipulation leads to improper validation of specified type of input. This vulnerability is referenced as CVE-2026-9521 . It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is advised.