The vulnerability CVE-2026-27082 affects ThemeREX Love Story versions up to 1.3.12 and is caused by unsafe deserialization of untrusted data, which allows an attacker to perform object injection. This can lead to remote code execution or other severe impacts on the system. The CVSS 3.1 base score is 9.8, reflecting the critical nature of this vulnerability with network attack vector, no privileges required, and no user interaction needed. The vulnerability affects confidentiality, integrity, and availability of the affected product. No official patch or fix has been documented in the provided data.

Successful exploitation of this vulnerability can result in full compromise of the affected system, including unauthorized disclosure of information, modification of data, and disruption of service. Given the critical CVSS score and the nature of object injection via deserialization, attackers could execute arbitrary code or commands remotely without authentication or user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting features that process serialized data if possible, and monitor for updates from ThemeREX regarding patches or mitigations. No vendor advisory or official fix information is currently provided.