Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical character recognition model against collected CAPTCHA samples to reliably predict challenge text, bypassing protections on login, registration, and other functionality from automated abuse.
| Vendor | Product | Versions |
|---|---|---|
| discuz! | discuz! x5.0 | 20260320 |
Updated severity to CRITICAL, corrected exploit availability to false, and provided a new description with additional details.
Initial creation