Tag
A critical vulnerability, CVE-2026-52767, in YesWiki's `HttpSignatureService::verifySignature()` allows unauthenticated attackers to bypass ActivityPub signature verification due to a loose boolean negation (`!openssl_verify(...)`) accepting `int(-1)` from PHP's `openssl_verify()` under specific conditions, enabling arbitrary Create, Update, and Delete operations on ActivityPub-enabled forms leading to defacement and content manipulation.