CVE-2026-44961

NONE NVD

CVSS Score 0

Severity NONE

Published Jun 23, 2026

Vendor unknown

Description

The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper validation has been added where it was missing.

References

https://hackerone.com/reports/3680090