{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-26477", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-08T18:58:43.482Z", "dateReserved": "2026-02-16T00:00:00.000Z", "datePublished": "2026-04-03T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "DokuWiki", "vendor": "DokuWiki", "versions": [{"status": "affected", "version": "2025-05-14b", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An issue in Dokuwiki v.2025-05-14b \"Librarian\" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T18:58:43.482Z"}, "references": [{"url": "https://github.com/Hebing123/cve/issues/94"}, {"url": "https://github.com/dokuwiki/dokuwiki/releases/tag/release-2025-05-14b"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "versionStartIncluding": "2025-05-14b", "versionEndIncluding": "2025-05-14b"}]}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T15:03:21.767952Z", "id": "CVE-2026-26477", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:04:29.119Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-26477", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T15:03:21.767952Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T15:01:26.182Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "DokuWiki", "product": "DokuWiki", "versions": [{"status": "affected", "version": "2025-05-14b", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/Hebing123/cve/issues/94"}, {"url": "https://github.com/dokuwiki/dokuwiki/releases/tag/release-2025-05-14b"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "An issue in Dokuwiki v.2025-05-14b \"Librarian\" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "2025-05-14b", "versionStartIncluding": "2025-05-14b"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-08T18:58:43.482Z"}}}, "cveMetadata": {"cveId": "CVE-2026-26477", "state": "PUBLISHED", "dateUpdated": "2026-04-08T18:58:43.482Z", "dateReserved": "2026-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-03T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in Dokuwiki v.2025-05-14b \"Librarian\" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file"}], "id": "CVE-2026-26477", "lastModified": "2026-04-08T19:25:13.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-03T15:16:05.093", "references": [{"source": "cve@mitre.org", "url": "https://github.com/Hebing123/cve/issues/94"}, {"source": "cve@mitre.org", "url": "https://github.com/dokuwiki/dokuwiki/releases/tag/release-2025-05-14b"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "cve@mitre.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2025-05-14b,2025-05-14b]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "dokuwiki", "vendor": "wiki"}], "analysis": {"en": {"generated_at": "2026-04-08T11:09:12.339993+00:00", "value": {"mitigation_remediation": ["Check the Dokuwiki project website for a release that includes a fix for the media upload handling issue.", "Apply the updated version as soon as it becomes available.", "If an update cannot be applied immediately, consider disabling the media upload feature or the media_upload_xhr endpoint to prevent the denial of service condition."], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All installations of Dokuwiki version 2025\u201105\u201114b are vulnerable, regardless of deployment environment, as the issue exists in the core media handling code. Versions published before or after this patch release are not known to be affected.", "description_and_impact": "The flaw in Dokuwiki 2025\u201105\u201114b resides in the Librarian component\u2019s media_upload_xhr() routine, which is exposed via media.php. An attacker who can send a specially crafted media\u2011upload request can trigger a resource exhaustion condition, reflected by the vulnerability\u2019s CWE\u2011400 and CWE\u2011770 identifiers. The result is a denial\u2011of\u2011service state in which the web application becomes unresponsive or must be restarted.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low overall severity, and the EPSS score below 1% suggests current exploitation likelihood is minimal. The vulnerability is not listed in the CISA KEV catalog. Because the flaw can be triggered via an HTTP request to the media upload endpoint, the attack vector is remote and does not require elevated privileges or special configuration beyond the ability to construct an upload request."}}}}, "created": "2026-04-03T21:17:07.430092+00:00", "updated": "2026-04-08T19:54:25.625323+00:00", "vendors": ["wiki", "wiki$PRODUCT$dokuwiki"]}