CVE-2025-71279

Critical CVSS: 9.3

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.

Vendor

Xenforo

Product

Xenforo

CWE

CWE-287

Yayın Tarihi

2026-04-01 01:16:40

Güncelleme

2026-04-01 18:57:17

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-287 Xenforo CRITICAL Xenforo 2026

Referanslar

https://www.vulncheck.com/advisories/xenforo-passkey-security-bypass https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/

Benzer Kayıtlar

Medium

CVE-2026-35054

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can in…

Medium

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. A…

High

CVE-2026-35056

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users.…

Medium

CVE-2026-35057

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions,…

High

CVE-2025-71278

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using O…

Medium

CVE-2025-71280

XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where mu…