COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Balbooa vendor

· dossier confidence 50%

Balbooa is a vendor with a critical security posture, evidenced by two confirmed RCE vulnerabilities in July 2026 involving unauthenticated file uploads in their Forms extension.

2
failure events
0
zero-days
2
RCEs
1
on KEV
1
critical
85
worst shame

Profile

Category
vendor
What they do
Balbooa is a vendor providing software components, specifically a Forms extension, for enterprise applications.

Security posture

Critical security posture with two confirmed RCE vulnerabilities in July 2026 involving unauthenticated file uploads.

Notable failures
  • CVE-2026-56291: Unauthenticated arbitrary file upload leading to full RCE
  • CVE-2026-56291: Balbooa Forms extension enables unauthenticated RCE via arbitrary file upload
  • High severity RCE in Balbooa Forms
Patterns
Repeated unpatched edge-device RCEs

Failure history 2 events

DateEventSevFlagsShameSummary
2026-07-10 CVE-2026-56291 high ⚡RCE ⌖KEV 85 Balbooa Forms allows unauthenticated arbitrary file upload leading to full RCE.
2026-07-09 CVE-2026-56291 critical ⚡RCE 85 Balbooa Forms extension enables unauthenticated RCE via arbitrary file upload.

Dossier sources

Open questions: Balbooa's corporate identity and ownership structure · Balbooa's founding date and headquarters location · Balbooa's employee count and market size