Skip to main content

Xwiki Platform

1 CVEs product

Monthly

CVE-2026-33137 Maven CRITICAL PATCH GHSA Act Now

{wikiName} REST endpoint, which was missing authorization checks. Affects all releases prior to 16.10.17, 17.4.9, 17.10.3, 18.0.1, and 18.1.0-rc-1. CVSS 4.0 base score is 9.3 (critical) with no public exploit identified at time of analysis, but the patch commit clearly exposes the trivial nature of the bypass.

Authentication Bypass Xwiki Platform
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

{wikiName} REST endpoint, which was missing authorization checks. Affects all releases prior to 16.10.17, 17.4.9, 17.10.3, 18.0.1, and 18.1.0-rc-1. CVSS 4.0 base score is 9.3 (critical) with no public exploit identified at time of analysis, but the patch commit clearly exposes the trivial nature of the bypass.

Authentication Bypass Xwiki Platform
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy