Authorization Vulnerability in Zhininboke Xianyu-Auto-Reply Backend User Endpoint
CVE-2026-15752
6.9MEDIUM
What is CVE-2026-15752?
A vulnerability exists in the Zhininboke Xianyu-Auto-Reply system, specifically within the user management functionality of the Backend User Endpoint. This flaw allows an attacker to bypass authorization checks, potentially leading to unauthorized access to sensitive user data. The exploit can be executed remotely, increasing the risk of exploitation. While a rolling release model complicates version tracking, a patch has been made available that addresses this issue. Users are strongly advised to implement the provided updates to mitigate potential threats.
Affected Version(s)
xianyu-auto-reply dcb445ad97816ad65299a7580ee0c8c8f929da84
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Credit
Galaxyn (VulDB User)
