CVE-2026-37106
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
An issue in DokuWiki 2025-05-14b 'Librarian' 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. The supplier disputes this as a vulnerability, stating it is intentional behavior when self-registration is enabled (a non-default feature).
Risk Assessment
The risk is that if self-registration is enabled, an attacker can create an account without authorization, potentially leading to unauthorized access to the system.
Recommendation
It is recommended to disable the self-registration feature in DokuWiki configuration if not required, and implement additional authentication mechanisms.
Original NVD description (English source)
An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default feature).

