CVE Catalog
CVE-2026-56032
CriticalCVSS 9.8Summary
The vulnerability in Buddyboss Platform versions up to 3.0.4 allows subscribers to perform PHP object injection. An attacker can exploit this flaw to execute arbitrary code on the server.
Risk Assessment
The risk includes server compromise, data theft, or website content modification by an authenticated user with low privileges.
Recommendation
It is recommended to immediately update the Buddyboss Platform plugin to version 3.0.5 or later, which fixes this vulnerability.
Original NVD description (English source)
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.

