What is CVE-2026-53675?

CVE-2026-53675 is a medium-severity vulnerability, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 4.3/10. Published 2026-06-10.

How severe is CVE-2026-53675?

Medium severity. CVSS v3 base score is 4.3 out of 10.

CVE-2026-53675

CVE-2026-53675

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an…

Vulnerability class: IDOR (Insecure Direct Object Reference)

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

disclosure@vulncheck.com
disclosure@vulncheck.com
disclosure@vulncheck.com

Frequently asked questions

What is CVE-2026-53675?: CVE-2026-53675 is a medium-severity vulnerability, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 4.3/10. Published 2026-06-10.
How severe is CVE-2026-53675?: Medium severity. CVSS v3 base score is 4.3 out of 10.