Is Tsportal affected by EUVD-2026-10067?

CVE-2026-29788 affects TSPortal, WikiTide Foundation's Trust and Safety platform, enabling attackers to forge deletion reports as legitimate user requests through empty string manipulation.

EUVD-2026-10067

| CVE-2026-29788 HIGH

2026-03-06 [email protected]

GHSA-gfhq-7499-f3f2

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

EUVD ID Assigned

Mar 12, 2026 - 22:06 euvd

EUVD-2026-10067

PoC Detected

Mar 11, 2026 - 14:00 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 21:16 nvd

HIGH 7.5

Description

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30.

Analysis

TSPortal versions prior to 30 contain a logic flaw where empty strings are converted to null values, enabling attackers to forge Data Protection Act reports as legitimate user deletion requests. This affects the WikiTide Foundation's Trust and Safety platform and could allow misuse of the reporting system to obscure malicious activity. …

Remediation

Within 24 hours: disable TSPortal's report conversion feature or restrict access to the Trust and Safety team only; alert all TSPortal users of the vulnerability. Within 7 days: conduct forensic audit of all deletion reports processed since TSPortal v29 deployment to identify potentially forged requests; implement mandatory manual verification of all deletion reports before processing. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: +20

EUVD-2026-10067 vulnerability details – vuln.today

Back

EUVD-2026-10067

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-10067

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code