Product
A missing authorization vulnerability (CVE-2026-15752) exists in the /api/v1/users/ endpoint of zhinianboke xianyu-auto-reply, affecting versions up to commit dcb445ad97816ad65299a7580ee0c8c8f929da84, allowing a remote attacker to bypass authentication or authorization checks. An exploit for this vulnerability has been made public, and organizations using this product should apply the patch named 19fc3282a1bb78a05c34945c088525d20e081cbd to mitigate the risk.