CVSS 7.5 HIGH Vulnerability

CVE-2026-48048: XWiki Platform's Livetable results still allow reconstructing password hashes using 768 r…


CVSS Score: 7.5
Severity: HIGH
CISA KEV: NO
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-48048
Vendor: maven
Affected Product: org.xwiki.platform:xwiki-platform-livetable-ui
Vulnerability Type: Vulnerability
CVSS Score: 7.5 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Impact

XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient: with slightly modified parameters to the LiveTableResults, it is still possible to discover password hashes one bit at a time, so with 768 requests the full password salt and hash of a user can be retrieved.

Patches

The check for password (and email properties) has been adjusted in XWiki 18.0.0RC1, 17.10.13, 17.4.9 and 16.10.17.

Workarounds

The [patch](https://github.com/xwiki/xwiki-platform/commit/c4442716b02ffcdaa9d5e703b1db6203e36456fa#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a) can be applied manually to the wiki page XWiki.LiveTableResultsMacros.

Resources

• https://jira.xwiki.org/browse/XWIKI-23875
• https://github.com/xwiki/xwiki-platform/commit/c444271

🎯 Known Indicators of Compromise


📚 Advisory References
