Blesta Input Validation Vulnerability Allowing Remote Code Execution

Vulnerability

An input validation vulnerability has been identified in Blesta versions 3.x through 5.x prior to 5.13.3. This vulnerability, known as CORE-5665, could allow remote code execution under certain conditions.

Impact

Exploitation of this vulnerability could lead to remote code execution on the server where Blesta is installed.

Remediation

Users are advised to upgrade to Blesta version 5.13.3. Instructions for upgrading and patching existing installations are available in the Blesta user manual. Installations running an unsupported version between 3.0 and 5.10 should upgrade to 5.13.3.

Added: Feb 3, 2026, 8:18 PM
Updated: Feb 3, 2026, 8:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 7.4
remediation: 0.0
relevance: 2.7
threat: 0.1
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.