CVE-2026-26477: An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_uploa

Description

An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

https://github.com/Hebing123/cve/issues/94

Related News (1 articles)

Tier C

VulDB9h ago

CVE-2026-26477 | Dokuwiki 2025-05-14b media.php media_upload_xhr denial of service

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 3, 2026

Trending Score44

Source articles1

Independent1

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-59711EXP

CVE-2025-59711: An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism,

Trending: 55

HIGHCVE-2025-59709EXP

CVE-2025-59709: An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read b

Trending: 45

CRITICALCVE-2026-28373

CVE-2026-28373: The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryp

Trending: 42

CRITICALCVE-2025-59710

CVE-2025-59710: An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the

Trending: 29

MEDIUMCVE-2026-30251

CVE-2026-30251: A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenSh

Trending: 21

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 3, 2026

Discovered by ZDM

Apr 3, 2026