CAPTCHA Bypass Vulnerability in Discuz! Software by Discuz!
CVE-2026-49953

6.9 MEDIUM

Key Information:

Vendor: Discuz!

CVE Published: 15 June 2026

Badges

👾 Exploit Exists

What is CVE-2026-49953?

The Discuz! X5.0 software versions released between 20260320 and 20260501 are affected by a CAPTCHA bypass vulnerability. This vulnerability allows unauthenticated remote attackers to circumvent challenge mechanisms that are meant to protect functionalities such as login and registration. By exploiting predictable character sets and limited complexity in the generated CAPTCHA images, attackers can effectively bypass these defenses using optical character recognition techniques. This can lead to automated abuse of the platform, emphasizing the need for urgent remediation.

Affected Version(s)

Discuz! X5.0 20260320 <= 20260610

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Egidio Romano