CVE-2026-35056 | XenForo up to 2.2.17/2.3.8 code injection

April 1, 2026 Yanac

A vulnerability was found in XenForo up to 2.2.17/2.3.8. It has been rated as critical. This affects an unknown part. Performing a manipulation results in code injection.

This vulnerability was named CVE-2026-35056. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More