CVE-2026-33541: CWE-400: Uncontrolled Resource Consumption in miraheze TSPortal
CVE-2026-33541 is a medium severity vulnerability in miraheze's TSPortal platform prior to version 34. The issue involves uncontrolled resource consumption due to a flaw in the validation logic that allowed attackers to create arbitrary user records in the database even when validation failed. This could lead to excessive database growth and potentially cause a denial of service (DoS). The vulnerability has been fixed in version 34 of TSPortal.
AI Analysis
Technical Summary
TSPortal, used by the WikiTide Foundation’s Trust and Safety team, had a vulnerability in versions before 34 where a validation rule side effect caused user records to be created regardless of validation success. Although invalid usernames were rejected, the flawed logic allowed attackers to create arbitrary user entries, leading to uncontrolled database growth. This resource exhaustion could result in a denial of service condition. The issue is tracked as CVE-2026-33541 with a CVSS 3.1 score of 6.5 (medium severity). Version 34 of TSPortal includes a fix that addresses this problem.
Potential Impact
The vulnerability allows attackers with at least low privileges to cause uncontrolled growth of the user database by creating arbitrary user records. This can lead to denial of service due to resource exhaustion on the affected system. There is no impact on confidentiality or integrity reported. No known exploits are currently observed in the wild.
Mitigation Recommendations
Upgrade TSPortal to version 34 or later, where the vulnerability has been fixed. Since this is an on-premises product, administrators should apply the official update to prevent exploitation. Patch status is confirmed by the vendor stating version 34 contains the fix.
CVE-2026-33541: CWE-400: Uncontrolled Resource Consumption in miraheze TSPortal
Description
CVE-2026-33541 is a medium severity vulnerability in miraheze's TSPortal platform prior to version 34. The issue involves uncontrolled resource consumption due to a flaw in the validation logic that allowed attackers to create arbitrary user records in the database even when validation failed. This could lead to excessive database growth and potentially cause a denial of service (DoS). The vulnerability has been fixed in version 34 of TSPortal.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
TSPortal, used by the WikiTide Foundation’s Trust and Safety team, had a vulnerability in versions before 34 where a validation rule side effect caused user records to be created regardless of validation success. Although invalid usernames were rejected, the flawed logic allowed attackers to create arbitrary user entries, leading to uncontrolled database growth. This resource exhaustion could result in a denial of service condition. The issue is tracked as CVE-2026-33541 with a CVSS 3.1 score of 6.5 (medium severity). Version 34 of TSPortal includes a fix that addresses this problem.
Potential Impact
The vulnerability allows attackers with at least low privileges to cause uncontrolled growth of the user database by creating arbitrary user records. This can lead to denial of service due to resource exhaustion on the affected system. There is no impact on confidentiality or integrity reported. No known exploits are currently observed in the wild.
Mitigation Recommendations
Upgrade TSPortal to version 34 or later, where the vulnerability has been fixed. Since this is an on-premises product, administrators should apply the official update to prevent exploitation. Patch status is confirmed by the vendor stating version 34 contains the fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-20T18:05:11.832Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69c5973e3c064ed76fca3c24
Added to database: 3/26/2026, 8:29:50 PM
Last enriched: 4/3/2026, 1:31:19 PM
Last updated: 5/10/2026, 7:59:36 AM
Views: 52
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.