CVE-2026-30913

Publication date

2026-03-09 22:42:40

Family

GitHub_M

State

PUBLISHED

Description

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting attacker-controlled domains.