CVE-2026-30913

Name of the Vulnerable Software and Affected Versions Flarum (affected versions not specified)

Description The Flarum forum software, when used with the flarum/nicknames extension, allows a registered user to set a nickname that email clients may interpret as a hyperlink. This nickname is directly inserted into plain-text notification emails. Recipients could be misled into visiting domains controlled by an attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.