Date Posted: 2026/03/05

[Vulnerability Alert] First In First Out Technology | U-Office Force - Insecure Deserialization

  • Subject Explanation: [Vulnerability Alert] First In First Out Technology | U-Office Force - Insecure Deserialization


  • Content Description:
    • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000003
    • [First In First Out Technology | U-Office Force - Insecure Deserialization] (CVE-2026-3422, CVSS: 9.8) U-Office Force developed by First In First Out Technology contains an insecure deserialization vulnerability. An unauthenticated remote attacker can execute arbitrary code on the server side by sending malicious serialized content.
  • Impacted Platforms:
    • U-Office Force 29.50 and earlier versions
  • Suggested Measures:
    • Please update to version 29.50SP1 and later versions
  • References:
    1. https://www.twcert.org.tw/tw/cp-132-10742-45b13-1.html

Computer and Communication Center
Network Systems Division