CVE-2026-32736: CWE-862: Missing Authorization in HytaleModding wiki
CVE-2026-32736 is an Insecure Direct Object Reference (IDOR) vulnerability affecting versions of the Hytale Modding Wiki prior to 1.0.0. This vulnerability allows any authenticated user to access personal information of mod authors, including full names and email addresses, by simply visiting a mod page. Exploitation requires only account creation and no additional user interaction. The flaw stems from missing authorization checks when accessing mod author data. The vulnerability has a CVSS score of 4.3, indicating medium severity, with confidentiality impacted but no effect on integrity or availability. Version 1. 0.
AI Analysis
Technical Summary
CVE-2026-32736 is a security vulnerability classified as CWE-862 (Missing Authorization) found in the Hytale Modding Wiki software versions prior to 1.0.0. The vulnerability manifests as an Insecure Direct Object Reference (IDOR), where the application fails to enforce proper authorization checks on requests for mod author information. Specifically, any authenticated user who creates an account on the wiki can access sensitive personal data of mod authors, such as full names and email addresses, by navigating to mod pages identified by their slugs. This exposure occurs because the system does not verify whether the requesting user has permission to view the author details. The vulnerability affects confidentiality but does not impact data integrity or system availability. The CVSS 3.1 base score is 4.3, reflecting a medium severity level due to the ease of exploitation (low attack complexity, no user interaction beyond authentication) and limited impact scope. The vulnerability was publicly disclosed on March 18, 2026, and fixed in version 1.0.0 of the Hytale Modding Wiki. No known exploits have been reported in the wild. The flaw primarily threatens the privacy of mod authors by exposing their personal information to unauthorized users within the platform.
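The missing check described above, as an added illustration in Python (not the wiki's own code, and not its 1.0.0 fix). The data model, the field names and the policy that only the author or an admin may see name and email are assumptions, since the page does not show the project's schema.

```python
from dataclasses import asdict, dataclass
from typing import Optional

# Hypothetical data model; the wiki's real schema is not shown on the page.
@dataclass(frozen=True)
class User:
    id: int
    username: str
    full_name: str
    email: str
    is_admin: bool = False

@dataclass(frozen=True)
class Mod:
    slug: str
    title: str
    author: User

# Constructed sample records.
AUTHOR = User(1, "blockwright", "Dana Example", "dana@example.org")
READER = User(2, "new_account", "R. Reader", "reader@example.org")
MOD = Mod("sky-islands", "Sky Islands", AUTHOR)

PUBLIC_AUTHOR_FIELDS = ("id", "username")  # allow-list shown to any member

def render_mod_vulnerable(mod: Mod, viewer: Optional[User]) -> dict:
    """Pre-fix pattern (CWE-862): login is checked, permission is not."""
    if viewer is None:
        raise PermissionError("login required")
    # The whole author record, PII included, goes to any logged-in viewer.
    return {"slug": mod.slug, "title": mod.title, "author": asdict(mod.author)}

def can_view_author_pii(viewer: User, author: User) -> bool:
    """Assumed policy: only the author or an admin may see name and email."""
    return viewer.id == author.id or viewer.is_admin

def render_mod_hardened(mod: Mod, viewer: Optional[User]) -> dict:
    """Authorization decided per field, defaulting to the public allow-list."""
    if viewer is None:
        raise PermissionError("login required")
    fields = PUBLIC_AUTHOR_FIELDS
    if can_view_author_pii(viewer, mod.author):
        fields = fields + ("full_name", "email")
    author = {name: getattr(mod.author, name) for name in fields}
    return {"slug": mod.slug, "title": mod.title, "author": author}
```

Building the response from an allow-list means a column added to the author record later stays private until someone deliberately exposes it.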
Potential Impact
The primary impact of CVE-2026-32736 is the unauthorized disclosure of personally identifiable information (PII) of mod authors, including full names and email addresses. This exposure can lead to privacy violations, targeted phishing attacks, social engineering, and potential harassment of affected individuals. While the vulnerability does not affect system integrity or availability, the breach of confidentiality can damage user trust in the Hytale Modding Wiki platform and potentially harm the reputation of mod authors. Organizations or communities relying on this wiki for mod documentation may face compliance issues with data protection regulations such as GDPR if personal data is exposed without consent. Although exploitation requires authentication, the low barrier to create accounts means a wide range of attackers could access sensitive data. The lack of known exploits in the wild reduces immediate risk, but the vulnerability remains a concern until patched.
Mitigation Recommendations
To mitigate CVE-2026-32736, organizations should upgrade the Hytale Modding Wiki to version 1.0.0 or later, where proper authorization checks have been implemented to restrict access to mod author personal information. Until upgrading is possible, administrators should consider restricting account creation to trusted users only or implementing additional access controls at the web server or application firewall level to limit access to mod author data pages. Monitoring user activity for unusual access patterns to mod pages can help detect potential exploitation attempts. Additionally, mod authors should be informed about the risk and advised to avoid sharing sensitive personal information on the platform. Regular security audits and code reviews focusing on authorization logic can prevent similar IDOR vulnerabilities. Finally, organizations should ensure compliance with relevant data protection laws by reviewing data handling and privacy policies related to the wiki.
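One way to implement the access-pattern monitoring recommended above, as an added example (not part of the original advisory or the project). The log layout, the `/mod/<slug>` route, the thresholds and the sample lines are all constructed assumptions to be adapted to the real access log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout and route prefix; adjust both to the deployment.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) GET /mod/(?P<slug>[\w-]+) 200$")

# Constructed sample access log.
SAMPLE_LOG = """\
2026-03-19T10:00:00 user=alice GET /mod/sky-islands 200
2026-03-19T10:00:02 user=new_acct_7 GET /mod/sky-islands 200
2026-03-19T10:00:03 user=new_acct_7 GET /mod/better-torches 200
2026-03-19T10:00:04 user=new_acct_7 GET /mod/ore-radar 200
2026-03-19T10:00:05 user=new_acct_7 GET /mod/pet-dragons 200
2026-03-19T10:00:06 user=new_acct_7 GET /mod/farm-plus 200
2026-03-19T10:04:00 user=alice GET /mod/ore-radar 200
2026-03-19T10:20:00 user=alice GET /mod/sky-islands 200
2026-03-19T10:21:00 user=alice GET /wiki/getting-started 200
""".splitlines()

def find_bulk_readers(lines, max_distinct=3, window=timedelta(minutes=5)):
    """Map each user who exceeded max_distinct different mod pages inside
    one sliding window to the peak distinct count observed."""
    recent = defaultdict(deque)  # user -> (timestamp, slug) pairs in window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other routes, non-200 responses, malformed lines
        ts = datetime.fromisoformat(m["ts"])
        hits = recent[m["user"]]
        hits.append((ts, m["slug"]))
        while ts - hits[0][0] > window:
            hits.popleft()  # drop requests that fell out of the window
        distinct = len({slug for _, slug in hits})
        if distinct > max_distinct:
            peaks[m["user"]] = max(peaks.get(m["user"], 0), distinct)
    return peaks

if __name__ == "__main__":
    for user, count in find_bulk_readers(SAMPLE_LOG).items():
        print(f"{user}: {count} distinct mod pages within 5 minutes")
```

This surfaces bulk collection only; a single mod page view on an unpatched instance still exposes that one author's details, so it complements the upgrade rather than replacing it.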
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, France, Netherlands, Sweden, Brazil, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-13T15:02:00.627Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69bb2706771bdb1749cae226
Added to database: 3/18/2026, 10:28:22 PM
Last enriched: 3/26/2026, 1:09:48 AM
Last updated: 5/2/2026, 12:09:24 PM