CVE Catalog

CVE-2026-39532

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile - higher than 26% of all known CVEs

Summary

Events Calendar for GeoDirectory versions up to 2.3.25 contain a PHP Object Injection vulnerability, which may lead to unauthorized access or data manipulation.

Risk Assessment

Organizations using these versions may be exposed to attacks that could result in data loss or security breaches.

Recommendation

It is recommended to update to the latest version of Events Calendar to mitigate this vulnerability.

Original NVD description (English source)

Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS