CVE Catalog

CVE-2026-56057

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.43%

34th percentile — higher than 34% of all known CVEs

Summary

The Uncanny Automator Pro plugin version 7.3.0.6 and earlier is vulnerable to PHP Object Injection via a Subscriber role. An attacker can remotely execute arbitrary code on the server.

Risk Assessment

The risk for the organization includes server compromise, data theft, or further propagation of the attack within the internal network.

Recommendation

It is recommended to immediately update the Uncanny Automator Pro plugin to a version newer than 7.3.0.6 and restrict Subscriber user permissions.

Original NVD description (English source)

Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS