CVE Catalog

CVE-2026-56031

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile — higher than 23% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to perform PHP Object Injection in Uncanny Automator versions up to and including 7.3.1.2. This can lead to remote code execution or other dangerous operations on the server.

Risk Assessment

The risk for the organization includes potential server takeover, data theft, or website disruption without requiring any user authentication.

Recommendation

Immediately update the Uncanny Automator plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS