Product
A critical unrestricted file upload vulnerability, CVE-2026-56291, in Balbooa Forms allows an unauthenticated attacker to upload executable files, potentially leading to arbitrary code execution on the server.