FAIL › dossier
· dossier confidence 50%
Balbooa is a vendor with a critical security posture, evidenced by two confirmed RCE vulnerabilities in July 2026 involving unauthenticated file uploads in their Forms extension.
Critical security posture with two confirmed RCE vulnerabilities in July 2026 involving unauthenticated file uploads.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2026-07-10 | CVE-2026-56291 | high | ⚡RCE ⌖KEV | 85 | Balbooa Forms allows unauthenticated arbitrary file upload leading to full RCE. |
| 2026-07-09 | CVE-2026-56291 | critical | ⚡RCE | 85 | Balbooa Forms extension enables unauthenticated RCE via arbitrary file upload. |
Open questions: Balbooa's corporate identity and ownership structure · Balbooa's founding date and headquarters location · Balbooa's employee count and market size