Tag
high
advisory
Decidim API Unauthorized Access via CVE-2026-40870
2 rules 1 TTP 1 CVECVE-2026-40870 allows unauthenticated access to commentable resources in Decidim platforms prior to versions 0.30.5 and 0.31.1 due to missing permission checks on the publicly accessible `/api` endpoint, potentially exposing sensitive data.
Decidim
cve-2026-40870
api
unauthorized-access
2r
1t
1c
high
advisory
Decidim Amendment Acceptance Vulnerability
2 rules 1 TTPAn authentication bypass vulnerability in Decidim allows any registered user to accept or reject amendments, potentially granting them co-author status on affected proposals; versions 0.19.0 through 0.30.5 and 0.31.0.rc1 through 0.31.1 are affected.
Decidim-core
decidim
authentication-bypass
privilege-escalation
web-application
2r
1t
medium
advisory
Decidim Amendment Manipulation Vulnerability (CVE-2026-40869)
2 rules 1 TTP 1 CVECVE-2026-40869 allows authenticated users to manipulate amendments in Decidim versions 0.19.0 prior to 0.30.5 and 0.31.1, potentially hijacking authorship and impacting proposal integrity.
Decidim
vulnerability
amendment
manipulation
2r
1t
1c