CVE-2026-33541

MEDIUM 6.5

TSPortal's Uncontrolled User Creation via Validation Side Effects Leads to Potential Denial of Service

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

12th

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS). Version 34 contains a fix for the issue.

CWE	CWE-400 CWE-770
Vendor	miraheze
Product	tsportal
Published	Mar 26, 2026
Last Updated	Mar 27, 2026

Stay Ahead of the Next One

Get instant alerts for miraheze tsportal

Be the first to know when new medium vulnerabilities affecting miraheze tsportal are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

miraheze / TSPortal

< 34

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/miraheze/TSPortal/security/advisories/GHSA-f346-8rp3-4h9h