PT-2026-32970 · Xwiki · Xwiki Platform

Published: 2026-04-14 · Updated: 2026-04-15 · CVE-2026-40104

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions

XWiki Platform versions prior to 16.10.16
XWiki Platform versions prior to 17.4.8
XWiki Platform versions prior to 17.10.1

Description

Resource exhaustion can occur in REST API endpoints, such as '/xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties', which list all available pages as part of the metadata for database list properties without applying query limits. On large wikis, this process can exhaust available server resources.

Recommendations

Update to version 16.10.16.
Update to version 17.4.8.
Update to version 17.10.1.

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2026-40104
GHSA-MRQG-XMGM-RC5G

Affected Products

Xwiki Platform