Product
YesWiki versions prior to 4.6.6 are vulnerable to unauthenticated arbitrary page deletion (CVE-2026-52766) via the `{{erasespamedcomments}}` wiki action, allowing any unauthenticated user to permanently delete arbitrary wiki pages, including critical ones, by sending a crafted POST request.