CVE-2026-44961

NONE EPSS 21.9%
Published Jun 23, 20261w ago · Modified Jun 23, 20261w ago
Find Similar
Published Jun 23, 2026 1w ago
Last Modified Jun 23, 2026 1w ago

Description

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.

Threat Intelligence

EPSS Exploit Probability
21.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-287 Improper Authentication Authentication

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.