CVE-2026-25615

Description

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-03 | Updated 2026-02-05 | Assigner mitre

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

References

seclists.org/fulldisclosure/2026/Feb/1

www.blesta.com/2026/01/28/security-advisory/

cve.org (CVE-2026-25615)

nvd.nist.gov (CVE-2026-25615)

Download JSON