Cross Site Scripting Vulnerability in vBulletin Login Component
CVE-2026-9357

5.1MEDIUM

Key Information:

Vendor

vBulletin

Status
Vbulletin
Vendor
CVE Published:
24 May 2026

What is CVE-2026-9357?

A vulnerability identified in vBulletin 6.x allows for cross site scripting through an unprotected function in the Login component. This security flaw enables attackers to perform remote manipulations, potentially compromising user data or session integrity. The exploit has been publicly disclosed, heightening the urgency for users to secure their systems. Despite early notification to the vendor regarding this issue, there has been no response, leaving users at risk.

Affected Version(s)

vBulletin 6.*

References

https://vuldb.com/vuln/365320
vdb-entry
https://vuldb.com/vuln/365320/cti
signaturepermissions-required
https://vuldb.com/submit/813052
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

chor4o (VulDB User)
VulDB CNA Team
.