This vulnerability in CBX Poll arises from unsafe deserialization of untrusted data, enabling an attacker to perform object injection attacks. Such attacks can allow remote code execution or other malicious actions without requiring user interaction or privileges. The affected versions include all releases up to and including 2.0.4. The CVSS 3.1 base score of 9.8 reflects network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.

Successful exploitation can result in complete compromise of the affected system, including unauthorized disclosure, modification, or destruction of data and disruption of service. Given the critical CVSS score, the impact is severe, potentially allowing remote attackers to execute arbitrary code or take full control of the system running CBX Poll.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or restricting access to CBX Poll instances, especially from untrusted networks, to reduce exposure. Monitor vendor channels for updates and apply patches promptly once available.