Security Advisory 2026-01-28

28th Jan 2026

Several security issues affecting Blesta versions 3.0.0 through 5.13.1 have been identified!
There is no evidence to suggest that these are publicly known at the time of this notification.

However, you should take action now to patch your installation.

Regarding the security vulnerabilities:

An input validation vulnerability (CORE-5665) and object injection vulnerabilities (CORE-5668, CORE-5680) have been discovered. One of these vulnerabilities could potentially allow remote code execution under certain conditions. We recommend applying the appropriate patch for your release, or upgrading to version 5.13.2 as soon as possible. We give this an impact rating of Critical.

Read the Security Advisory for more information at https://www.blesta.com/2026/01/28/security-advisory/ and to download a patch for your version.

You have the following options:

Full upgrade:

  • If you are running version 3.0.x through 5.10.x, upgrade to 5.13.2 Full.

Patches:

  • If you are running version 5.13.x, apply the 5.13.2 patch.
  • If you are running version 5.12.x, apply the 5.12.4 patch.
  • If you are running version 5.11.x, apply the 5.11.5 patch.


Only versions 5.11.5, 5.12.4, and 5.13.2 are not impacted by these vulnerabilities. If you are unable to upgrade now, there are mitigation steps included in the announcement that address the most serious issue.

To determine the version of Blesta you are running, log in to the admin area of your installation. The version is shown in the footer.

Upgrade Documentation
