CVE-2026-49953
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
Discuz! X5.0 versions from 20260320 to 20260610 contain a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images.
Risk Assessment
Attackers can exploit this vulnerability to automate abuse of login, registration, and other functionalities, potentially leading to unauthorized access to the system.
Recommendation
It is recommended to update to the latest version of Discuz! X5.0 to mitigate this vulnerability and implement additional CAPTCHA security mechanisms.
Original NVD description (English source)
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical character recognition model against collected CAPTCHA samples to reliably predict challenge text, bypassing protections on login, registration, and other functionality from automated abuse.

