CVE-2026-49953 | Discuz! X5.0 releases 20260320 through 20260610 contains a C… | CVSS 6.5 MEDIUM

Description

Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a custom optical character recognition model against collected CAPTCHA samples to reliably predict challenge text, bypassing protections on login, registration, and other functionality from automated abuse.

Metadata

CVE ID: CVE-2026-49953
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-02 16:30 UTC
Published: 2026-06-15 18:45 UTC
Last updated: 2026-06-15 19:20 UTC
Primary CWE: CWE-804
Guessable CAPTCHA
Vendor / Product: Discuz! / Discuz! X5.0
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Discuz!	Discuz! X5.0	—	20260320 ≤ 20260610

Weakness (CWE)

CWE	Source	Description
CWE-804	cna	Guessable CAPTCHA

CVSS scores (2)

Score	Severity	Version	Source	Vector
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References (3)