Authorization Vulnerability in Zhininboke Xianyu-Auto-Reply Backend User Endpoint
CVE-2026-15752

6.9MEDIUM

Key Information:

Vendor
CVE Published:
14 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-15752?

A vulnerability exists in the Zhininboke Xianyu-Auto-Reply system, specifically within the user management functionality of the Backend User Endpoint. This flaw allows an attacker to bypass authorization checks, potentially leading to unauthorized access to sensitive user data. The exploit can be executed remotely, increasing the risk of exploitation. While a rolling release model complicates version tracking, a patch has been made available that addresses this issue. Users are strongly advised to implement the provided updates to mitigate potential threats.

Affected Version(s)

xianyu-auto-reply dcb445ad97816ad65299a7580ee0c8c8f929da84

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Galaxyn (VulDB User)
.