CVE-2026-26477 — Allocation of Resources Without Limits or Throttling in Dokuwiki

CWE-770 — Allocation of Resources Without Limits or Throttling CWE-400 — Uncontrolled Resource Consumption6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 66.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dokuwiki Debian Dokuwiki

Timeline

PublishedApr 3

Latest updateApr 6

Description

An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶debiandebian/dokuwiki

▶NVDdokuwiki/dokuwiki2025-05-14b

🔴Vulnerability Details

OSV

CVE-2026-26477: An issue in Dokuwiki v↗2026-04-06

▶

GHSA

GHSA-gwpq-c4hc-7qhj: An issue in Dokuwiki v↗2026-04-03

▶

OSV

CVE-2026-26477: An issue in Dokuwiki v↗2026-04-03

▶

📋Vendor Advisories

Debian

CVE-2026-26477: dokuwiki - An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker t...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-26477 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶