CVE-2026-23891

Sažetak

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. This issue has been fixed in versions 0.30.5 and 0.31.1.

Reference

https://github.com/decidim/decidim/releases/tag/v0.30.5
https://github.com/decidim/decidim/releases/tag/v0.31.1
https://github.com/decidim/decidim/security/advisories/GHSA-fc46-r95f-hq7g

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

17-04-2026 - 15:38

Objavljeno

13-04-2026 - 17:16