GHSA-9wv7-mm8f-m6cxLow

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129....

Published
June 23, 2026
Last Modified
June 23, 2026

🔗 CVE IDs covered (1)

📋 Description

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.

🔗 References (3)