Ghostwire

CVE-2026-40104: XWiki's REST APIs can list all pages/spaces, leading to unavailability

MEDIUM CVSS 5.5 Exploit Available

Published: April 14, 2026 | Last Modified: April 14, 2026

Description

XWiki's REST APIs can list all pages/spaces, leading to unavailability

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

github.com/xwiki/xwiki-platform/security/advisories/GHSA-mrqg-xmgm-rc5g
github.com/xwiki/xwiki-platform/commit/47b568c4753a6e682b14be1ca581bdd3b25d45a7
jira.xwiki.org/browse/XWIKI-23550
github.com/advisories/GHSA-mrqg-xmgm-rc5g
www.tenable.com/cve/CVE-2026-40104
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-40104