Loading market data...
← Back to CVE feed

CVE-2026-49953

MEDIUM CVSS 6.5 View on NVD ↗

Description

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical character recognition model against collected CAPTCHA samples to reliably predict challenge text, bypassing protections on login, registration, and other functionality from automated abuse.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Published: Jun 15, 2026 20:16 UTC Modified: Jun 16, 2026 12:16 UTC