CVE-2026-29788: CWE-283: Unverified Ownership in miraheze TSPortal
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30.
AI Analysis
Technical Summary
CVE-2026-29788 is a vulnerability classified under CWE-283 (Unverified Ownership) and CWE-1287 affecting miraheze's TSPortal platform, a specialized tool used by the WikiTide Foundation's Trust and Safety team to manage sensitive workflows such as reports, investigations, appeals, and transparency efforts. The root cause lies in the platform's handling of empty string inputs prior to version 30, where these empty strings are converted to null values. This conversion flaw enables attackers to disguise Data Protection Act (DPA) reports as genuine self-deletion reports, effectively bypassing ownership verification controls. By exploiting this, an attacker could manipulate the status or handling of reports, potentially causing unauthorized report dismissals or misclassifications. The vulnerability is remotely exploitable over the network without requiring privileges or authentication, though it requires user interaction. The CVSS 4.0 score of 8.4 reflects a high severity, with a network attack vector, low complexity, no privileges required, and high impact on availability. The vulnerability was publicly disclosed on March 6, 2026, and has been addressed in TSPortal version 30. No known exploits have been observed in the wild to date. The issue highlights the critical importance of proper input validation and ownership verification in trust and safety platforms that handle sensitive user-generated reports and appeals.
Potential Impact
The exploitation of this vulnerability could severely impact organizations relying on TSPortal for managing trust and safety workflows. Attackers could manipulate or disguise reports, leading to unauthorized dismissal or alteration of sensitive Data Protection Act (DPA) complaints. This undermines the integrity and reliability of the reporting and appeals process, potentially allowing malicious actors to evade accountability or disrupt transparency efforts. The availability of the platform could also be affected if reports are mishandled or corrupted. For organizations, this could result in reputational damage, loss of user trust, regulatory non-compliance, and operational disruptions. Since TSPortal is used in sensitive contexts involving user data and legal compliance, the impact extends beyond technical disruption to legal and ethical domains. The lack of required privileges or authentication lowers the barrier for attackers, increasing the risk of widespread exploitation if unpatched systems remain in use.
Mitigation Recommendations
Organizations using TSPortal should immediately upgrade to version 30 or later, where this vulnerability has been patched. Beyond patching, implement strict input validation to prevent empty-string-to-null conversions that could bypass ownership checks. Enhance ownership verification mechanisms to ensure that report status changes are authenticated and authorized, possibly by adding multi-factor verification or audit trails for critical actions. Regularly audit and monitor report-handling workflows for anomalies indicative of manipulation attempts. Employ network-level protections such as web application firewalls (WAFs) to detect and block suspicious requests targeting report submission endpoints. Conduct security training for Trust and Safety teams to recognize potential exploitation patterns. Finally, establish incident response plans specifically addressing manipulation of trust and safety systems to quickly remediate any exploitation attempts.
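The input-validation point above, as an added illustration of the bug class (this is not TSPortal's code and is not taken from the version 30 patch): a lossy normalizer that turns blank strings into null lets an empty field change how a report is classified, while the strict form validates raw values and ties a self-deletion request to a verified account. The field names `report_type`, `subject` and `on_behalf_of`, and the `verified_account` argument, are hypothetical.

```python
from typing import Optional

class ValidationError(ValueError):
    pass

def normalize_lossy(form: dict) -> dict:
    # Weak pattern: blank strings collapse to None before validation, so
    # "submitted but empty" is indistinguishable from "not applicable".
    return {k: (None if isinstance(v, str) and v.strip() == "" else v)
            for k, v in form.items()}

def classify_weak(form: dict) -> str:
    data = normalize_lossy(form)
    # A None in the hypothetical "on_behalf_of" field is read as
    # "the requester is acting for themselves".
    return "self-deletion" if data.get("on_behalf_of") is None else "dpa"

def _require_text(form: dict, key: str) -> str:
    # Validate the raw value: empty, blank and non-string input are rejected.
    value = form.get(key)
    if not isinstance(value, str) or value.strip() == "":
        raise ValidationError(f"{key} must be a non-empty string")
    return value

def classify_strict(form: dict, verified_account: Optional[str]) -> str:
    # Hardened pattern: the type is an explicit required field, never
    # inferred from whether another field happens to be null.
    kind = form.get("report_type")
    if kind not in ("self-deletion", "dpa"):
        raise ValidationError("report_type must be stated explicitly")
    subject = _require_text(form, "subject")
    if kind == "self-deletion":
        if "on_behalf_of" in form:
            raise ValidationError("on_behalf_of is not valid for self-deletion")
        # Ownership check: the subject must be the verified account.
        if verified_account is None or subject != verified_account:
            raise ValidationError("requester does not own the subject account")
    else:
        _require_text(form, "on_behalf_of")
    return kind

# Constructed sample input: a third-party request with one field left blank.
BLANKED = {"report_type": "dpa", "subject": "ExampleUser", "on_behalf_of": ""}
```
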
Affected Countries
United States, United Kingdom, Canada, Australia, Germany, France, Netherlands, Sweden, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-04T16:26:02.899Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69ab4093c48b3f10ffd6cdfc
Added to database: 3/6/2026, 9:01:07 PM
Last enriched: 3/14/2026, 7:41:37 PM
Last updated: 4/20/2026, 11:32:22 AM