CVE-2026-15752: Missing Authorization in zhinianboke xianyu-auto-reply
CVE-2026-15752 is a medium severity vulnerability in the zhinianboke xianyu-auto-reply product affecting the backend user endpoint at /api/v1/users/. It allows remote attackers to bypass authorization due to missing authorization checks. The product uses a rolling release model, so specific affected versions are not clearly identified. A patch identified by commit 19fc3282a1bb78a05c34945c088525d20e081cbd is recommended to fix the issue.
AI Analysis
Technical Summary
This vulnerability in zhinianboke xianyu-auto-reply up to commit dcb445ad97816ad65299a7580ee0c8c8f929da84 involves missing authorization in an unknown function within the backend user endpoint (/api/v1/users/). The flaw allows remote attackers to perform unauthorized actions. The product is delivered via a rolling release model, which complicates exact version identification. A patch exists (commit 19fc3282a1bb78a05c34945c088525d20e081cbd) and applying it is the recommended remediation.
Potential Impact
The vulnerability enables remote attackers to bypass authorization controls, potentially allowing unauthorized access or actions on the backend user endpoint. This could lead to unauthorized data access or manipulation depending on the backend functionality exposed by the endpoint.
Mitigation Recommendations
A patch identified by commit 19fc3282a1bb78a05c34945c088525d20e081cbd is available and should be applied to remediate the vulnerability. Since the product uses a rolling release model, users should update to the latest version containing this patch. Patch status is not explicitly confirmed beyond this, so checking the vendor's advisory or repository for the patch application is recommended.
CVE-2026-15752: Missing Authorization in zhinianboke xianyu-auto-reply
Description
CVE-2026-15752 is a medium severity vulnerability in the zhinianboke xianyu-auto-reply product affecting the backend user endpoint at /api/v1/users/. It allows remote attackers to bypass authorization due to missing authorization checks. The product uses a rolling release model, so specific affected versions are not clearly identified. A patch identified by commit 19fc3282a1bb78a05c34945c088525d20e081cbd is recommended to fix the issue.
CVSS v4.0
Score 6.9medium
Affected software
cpe:2.3:a:zhinianboke:xianyu-auto-reply:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in zhinianboke xianyu-auto-reply up to commit dcb445ad97816ad65299a7580ee0c8c8f929da84 involves missing authorization in an unknown function within the backend user endpoint (/api/v1/users/). The flaw allows remote attackers to perform unauthorized actions. The product is delivered via a rolling release model, which complicates exact version identification. A patch exists (commit 19fc3282a1bb78a05c34945c088525d20e081cbd) and applying it is the recommended remediation.
Potential Impact
The vulnerability enables remote attackers to bypass authorization controls, potentially allowing unauthorized access or actions on the backend user endpoint. This could lead to unauthorized data access or manipulation depending on the backend functionality exposed by the endpoint.
Mitigation Recommendations
A patch identified by commit 19fc3282a1bb78a05c34945c088525d20e081cbd is available and should be applied to remediate the vulnerability. Since the product uses a rolling release model, users should update to the latest version containing this patch. Patch status is not explicitly confirmed beyond this, so checking the vendor's advisory or repository for the patch application is recommended.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-07-14T15:51:25.852Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a56b92768715ace4351a78f
Added to database: 07/14/2026, 22:33:11 UTC
Last enriched: 07/14/2026, 22:48:03 UTC
Last updated: 07/14/2026, 22:49:12 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.