PT-2026-33228 · Decidim · Decidim

Published

2026-04-14

·

Updated

2026-04-21

·

CVE-2026-40869

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Decidim versions 0.19.0 through 0.30.4
Decidim versions 0.31.0 through 0.31.0

Description

An issue allows any registered and authenticated user to accept or reject any amendments. This affects users who have created proposals with the amendments feature enabled. Furthermore, the user accepting the amendment is elevated to the author of the original proposal, because individuals amending proposals are granted coauthorship on coauthorable resources.

Recommendations

Update to version 0.30.5 or 0.31.1. As a temporary workaround, disable amendment reactions for the amendable component, such as proposals.
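The flaw described above is a missing ownership check on the accept/reject ("reaction") step: being logged in is treated as sufficient, and because accepting an amendment grants the amender coauthorship, an unauthorized accept also changes who counts as an author of the proposal. The following Ruby is an added illustration, not Decidim's code: it models a proposal with coauthors, an amendment to it, and the reaction step in the unchecked form the advisory describes next to a hardened form that requires the actor to be one of the proposal's coauthors. All class names, method names and the :evaluating/:accepted/:rejected states are hypothetical, and the scenario data is constructed.

```ruby
# Added example, not Decidim's own code. Names and states are hypothetical.

User = Struct.new(:id)
Proposal = Struct.new(:id, :coauthor_ids)               # the "amendable" resource
Amendment = Struct.new(:id, :amendable, :amender_id, :state)

class NotAuthorized < StandardError; end

DECISIONS = %i[accepted rejected].freeze

# Pattern the advisory describes: the only gate is "is someone logged in?"
def react_unchecked(amendment, actor, decision)
  raise NotAuthorized, "login required" if actor.nil?
  apply_decision(amendment, decision)
end

# Hardened pattern: the actor must be a coauthor of the amendable resource.
def react(amendment, actor, decision)
  raise NotAuthorized, "login required" if actor.nil?
  unless amendment.amendable.coauthor_ids.include?(actor.id)
    raise NotAuthorized,
          "user #{actor.id} is not an author of proposal #{amendment.amendable.id}"
  end
  apply_decision(amendment, decision)
end

# Shared state transition. Accepting grants the amender coauthorship, which is
# why an unauthorized accept also escalates who is treated as an author.
def apply_decision(amendment, decision)
  raise ArgumentError, "unknown decision #{decision}" unless DECISIONS.include?(decision)
  unless amendment.state == :evaluating
    raise ArgumentError, "amendment #{amendment.id} is already #{amendment.state}"
  end
  amendment.state = decision
  if decision == :accepted
    coauthors = amendment.amendable.coauthor_ids
    coauthors << amendment.amender_id unless coauthors.include?(amendment.amender_id)
  end
  amendment
end

# Constructed scenario: user 1 authored proposal 10, user 2 filed an amendment
# to it, and user 3 is an unrelated authenticated user.
def scenario
  proposal = Proposal.new(10, [1])
  amendment = Amendment.new(100, proposal, 2, :evaluating)
  [proposal, amendment]
end

if __FILE__ == $PROGRAM_NAME
  proposal, amendment = scenario
  begin
    react(amendment, User.new(3), :accepted)
  rescue NotAuthorized => e
    puts "blocked: #{e.message}"
  end
  react(amendment, User.new(1), :accepted)
  puts "state=#{amendment.state} coauthors=#{proposal.coauthor_ids.inspect}"
end
```

The check belongs at the reaction step itself (the command or permission layer that performs the state change), not only in the view that renders the accept/reject controls, since the advisory concerns what an authenticated user can do rather than what they are shown.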

Weakness Enumeration

Incorrect Privilege Assignment

Related Identifiers

CVE-2026-40869
GHSA-W5XJ-99CG-RCCM

Affected Products

Decidim