CVE Catalog

CVE-2026-49953

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile — higher than 28% of all known CVEs

Summary

Discuz! X5.0 versions from 20260320 to 20260610 contain a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images.

Risk Assessment

Attackers can exploit this vulnerability to automate abuse of login, registration, and other functionalities, potentially leading to unauthorized access to the system.

Recommendation

It is recommended to update to the latest version of Discuz! X5.0 to mitigate this vulnerability and implement additional CAPTCHA security mechanisms.

Original NVD description (English source)

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical character recognition model against collected CAPTCHA samples to reliably predict challenge text, bypassing protections on login, registration, and other functionality from automated abuse.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS