Summary
Key Points:
- Discuz! X5.0 is affected by a Cross-Context Token Reuse vulnerability (CVE-2026-49952) that allows unauthenticated attackers to gain access to sensitive database functionality.
- The vulnerability affects X5.0 releases 20260320 through 20260501. It enables attackers to exploit the database export/import API, potentially leading to unauthorized remote code execution.
- It is recommended to upgrade to version 20260510 or later to mitigate this vulnerability.
Technical Details: The vulnerability arises from improper cryptographic isolation: the global authkey is shared across multiple application components, which allows attackers to generate valid tokens for unauthorized access.
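An added illustration of the isolation failure described above, not code from Discuz! or from the original page: a token authenticated with one shared key verifies in every component, while per-context subkeys derived from the same secret confine it to the component that issued it. The key, context labels and token body are constructed, and the HMAC-based derivation is a generic technique, not the vendor's fix.

```python
import hashlib
import hmac

# Constructed sample secret and context labels; none are taken from Discuz!.
GLOBAL_AUTHKEY = b"constructed-sample-authkey"
CTX_SESSION = b"user-session"
CTX_DB_API = b"db-export-import"


def context_key(master: bytes, context: bytes) -> bytes:
    """Derive a per-component subkey so keys differ between contexts."""
    return hmac.new(master, b"ctx-key-v1|" + context, hashlib.sha256).digest()


def sign_shared(payload: bytes) -> str:
    """Weak pattern: every component signs with the same global key."""
    return hmac.new(GLOBAL_AUTHKEY, payload, hashlib.sha256).hexdigest()


def verify_shared(payload: bytes, tag: str) -> bool:
    """Weak pattern: the verifier cannot tell which component issued the tag."""
    return hmac.compare_digest(sign_shared(payload), tag)


def sign_bound(context: bytes, payload: bytes) -> str:
    """Hardened pattern: sign with the subkey of the issuing component."""
    key = context_key(GLOBAL_AUTHKEY, context)
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def verify_bound(context: bytes, payload: bytes, tag: str) -> bool:
    """Hardened pattern: verify with the subkey of the receiving component."""
    return hmac.compare_digest(sign_bound(context, payload), tag)


def demo() -> dict:
    payload = b"uid=0;exp=1767225600"  # constructed token body
    shared_tag = sign_shared(payload)             # issued by a low-privilege component
    bound_tag = sign_bound(CTX_SESSION, payload)  # same issuer, isolated key
    return {
        "shared_accepted_by_db_api": verify_shared(payload, shared_tag),
        "bound_accepted_by_session": verify_bound(CTX_SESSION, payload, bound_tag),
        "bound_accepted_by_db_api": verify_bound(CTX_DB_API, payload, bound_tag),
    }


if __name__ == "__main__":
    print(demo())
```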
MITRE ATT&CK Techniques:
- None mentioned
IOCs Mentioned:
- CVE-2026-49952