CVE-2026-30913
EUVD-2026-1042210.03.2026, 17:40
Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting attacker-controlled domains.
Awaiting analysis
This vulnerability is currently awaiting analysis.