CVE-2026-15753
zhinianboke xianyu-auto-reply review approve trusting http permission methods on the server side
CVSS Score
5.4
EPSS Score
0.3%
EPSS Percentile
18th
A vulnerability was determined in zhinianboke xianyu-auto-reply on Server. Affected by this vulnerability is an unknown functionality of the file /api/v1/payment/withdraw/review?action=approve. Executing a manipulation can lead to trusting http permission methods on the server side. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 19fc3282a1bb78a05c34945c088525d20e081cbd. It is best practice to apply a patch to resolve this issue.
| CWE | CWE-650 |
| Vendor | zhinianboke |
| Product | xianyu-auto-reply |
| Published | Jul 14, 2026 |
| Last Updated | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for zhinianboke xianyu-auto-reply
Be the first to know when new medium vulnerabilities affecting zhinianboke xianyu-auto-reply are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
zhinianboke / xianyu-auto-reply
n/a
References
vuldb.com: https://vuldb.com/vuln/378335 vuldb.com: https://vuldb.com/vuln/378335/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15753 vuldb.com: https://vuldb.com/submit/856719 github.com: https://github.com/zhinianboke/xianyu-auto-reply/issues/192 github.com: https://github.com/zhinianboke/xianyu-auto-reply/commit/19fc3282a1bb78a05c34945c088525d20e081cbd github.com: https://github.com/zhinianboke/xianyu-auto-reply/
Credits
๐ Galaxyn (VulDB User)