Authentication Bypass Vulnerability in Discuz! X5.0 by Discuz
CVE-2026-49952

9.3CRITICAL

Key Information:

Vendor

Discuz!

Status
Discuz! X5.0
Vendor
CVE Published:
15 June 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-49952?

The vulnerability in Discuz! X5.0 enables unauthenticated remote attackers to exploit the shared cryptographic key used in UCenter integration, granting them unauthorized access to the database backup and restore features via the dbbak.php file. By injecting a tailored payload through the username parameter during the login process, attackers can misuse the encryption oracle found in the logging_ctl::logging_more() function. This allows them to acquire a validly signed token, thereby circumventing authorization protocols for database export and import operations. Furthermore, attackers can trigger a race condition to impersonate arbitrary users, significantly escalating the risk of unauthorized database access.

Affected Version(s)

Discuz! X5.0 20260320 <= 20260501

References

https://karmainsecurity.com/KIS-2026-09
technical-description
https://karmainsecurity.com/chaining-bugs-in-discuz-from-...
exploit
https://gitee.com/Discuz/DiscuzX/commit/9962dad52c4c6999d...
patch

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Egidio Romano
.