CVE Catalog

CVE-2026-44961

UnknownCVSS 0.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile - higher than 22% of all known CVEs

Summary

The addUser method in the XML-RPC API has a validation bypass introduced in the fix for CVE-2025-55129. API users could create usernames that enabled impersonation or stored XSS attacks.

Risk Assessment

The organization may be exposed to impersonation attacks and XSS attacks, which could lead to data theft or compromise of system integrity.

Recommendation

It is recommended to update to the latest version of the software to eliminate the validation bypass and implement additional security measures.

Original NVD description (English source)

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS