Vulnerability Details CVE-2026-33541
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 34, a flaw in TSPortal allowed attackers to create arbitrary user records in the database by abusing validation logic. While validation correctly rejected invalid usernames, a side effect within a validation rule caused user records to be created regardless of whether the request succeeded. This could be exploited to cause uncontrolled database growth, leading to a potential denial of service (DoS). Version 34 contains a fix for the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 20.9%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-33541
-
cpe:2.3:a:wikitide:tsportal:1
-
cpe:2.3:a:wikitide:tsportal:10
-
cpe:2.3:a:wikitide:tsportal:11
-
cpe:2.3:a:wikitide:tsportal:12
-
cpe:2.3:a:wikitide:tsportal:13
-
cpe:2.3:a:wikitide:tsportal:14
-
cpe:2.3:a:wikitide:tsportal:15
-
cpe:2.3:a:wikitide:tsportal:16
-
cpe:2.3:a:wikitide:tsportal:17
-
cpe:2.3:a:wikitide:tsportal:18
-
cpe:2.3:a:wikitide:tsportal:19
-
cpe:2.3:a:wikitide:tsportal:2
-
cpe:2.3:a:wikitide:tsportal:20
-
cpe:2.3:a:wikitide:tsportal:21
-
cpe:2.3:a:wikitide:tsportal:22
-
cpe:2.3:a:wikitide:tsportal:23
-
cpe:2.3:a:wikitide:tsportal:24
-
cpe:2.3:a:wikitide:tsportal:25
-
cpe:2.3:a:wikitide:tsportal:26
-
cpe:2.3:a:wikitide:tsportal:27
-
cpe:2.3:a:wikitide:tsportal:28
-
cpe:2.3:a:wikitide:tsportal:29
-
cpe:2.3:a:wikitide:tsportal:3
-
cpe:2.3:a:wikitide:tsportal:30
-
cpe:2.3:a:wikitide:tsportal:31
-
cpe:2.3:a:wikitide:tsportal:32
-
cpe:2.3:a:wikitide:tsportal:33
-
cpe:2.3:a:wikitide:tsportal:4
-
cpe:2.3:a:wikitide:tsportal:5
-
cpe:2.3:a:wikitide:tsportal:6
-
cpe:2.3:a:wikitide:tsportal:7
-
cpe:2.3:a:wikitide:tsportal:8
-
cpe:2.3:a:wikitide:tsportal:9