CVE Catalog

CVE-2026-37106

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

40th percentile — higher than 40% of all known CVEs

Summary

An issue in DokuWiki 2025-05-14b 'Librarian' 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. The supplier disputes this as a vulnerability, stating it is intentional behavior when self-registration is enabled (a non-default feature).

Risk Assessment

The risk is that if self-registration is enabled, an attacker can create an account without authorization, potentially leading to unauthorized access to the system.

Recommendation

It is recommended to disable the self-registration feature in DokuWiki configuration if not required, and implement additional authentication mechanisms.

Original NVD description (English source)

An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default feature).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS