CVE-2026-44961

info

Description

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.

References

https://hackerone.com/reports/3680090

Details

Source: Mitre, NVD

Published: 2026-06-23

Updated: 2026-06-25

00
EPSS

EPSS: 0.00303