CVE-2026-44961
NONE EPSS 21.9%
Published Jun 23, 20261w ago · Modified Jun 23, 20261w ago
Published Jun 23, 2026 1w ago
Last Modified Jun 23, 2026 1w ago
Description
The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.
Threat Intelligence
EPSS Exploit Probability
21.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-287 Improper Authentication Authentication
References 1
- hackerone.com https://hackerone.com/reports/3680090
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.