Security Advisory

CVE-2026-23891

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-13 16:52:16
Last updated 2026-04-14 16:29:24
Assigner GitHub_M
State PUBLISHED

Description

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. This issue has been fixed in versions 0.30.5 and 0.31.1.