CVE-2026-53673

HIGH CVSS 8.1 other

The flaw

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id parameter in the request. Attackers

What to do

Review the advisory and apply the patch per vendor guidance.

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest