Description Insufficient capability checks made it possible to disable badges a user does not have permission to access. Remediation References CVE-2025-26531 Related Vulnerabilities TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8757) Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31801) Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-26048) WordPress Plugin WordPress File Upload Cross-Site Request Forgery (2.4.1) WordPress Plugin DukaPress TimThumb Arbitrary File Upload (2.3.2) Severity Medium Classification CVE-2025-26531 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities