CVE-2026-29788

EUVD-2026-10067
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
wikitidetsportal
𝑥
< 30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2
https://issue-tracker.miraheze.org/T15053