Back to search
CVE-2026-23891
Published: Apr 13, 2026
Modified: Apr 14, 2026
PUBLISHED
Description
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. This issue has been fixed in versions 0.30.5 and 0.31.1.
| Vendor | Product | Versions |
|---|---|---|
decidim | decidim | affected >= 0.31.0.rc1, < 0.31.1affected < 0.30.5 |
Weaknesses (CWE)
References
https://github.com/decidim/decidim/security/advisories/GHSA-fc46-r95f-hq7g
x_refsource_CONFIRM
https://github.com/decidim/decidim/releases/tag/v0.30.5
x_refsource_MISC
https://github.com/decidim/decidim/releases/tag/v0.31.1
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now