CVE-2026-29788

HIGH

TSPortal <30 - Auth Bypass

Title source: llm

Description

TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30.

References (2)

[Vendor Advisory] https://github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2

[Various Sources] https://issue-tracker.miraheze.org/T15053

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 11.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1287 CWE-283

Status published

Products (2)

miraheze/ts-portal 0 - 30Packagist

wikitide/tsportal < 30

Published Mar 06, 2026

Tracked Since Mar 07, 2026