CVE Catalog

CVE-2026-56032

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Summary

The vulnerability in Buddyboss Platform versions up to 3.0.4 allows subscribers to perform PHP object injection. An attacker can exploit this flaw to execute arbitrary code on the server.

Risk Assessment

The risk includes server compromise, data theft, or website content modification by an authenticated user with low privileges.

Recommendation

It is recommended to immediately update the Buddyboss Platform plugin to version 3.0.5 or later, which fixes this vulnerability.

Original NVD description (English source)

Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS