HomeCVE Intelligence › CVE-2026-52767
CVSS 8.2 HIGH Vulnerability

CVE-2026-52767: YesWiki Vulnerable to Unauthenticated ActivityPub Signature-Verification Bypass via `!ope…

Summary HttpSignatureService::verifySignature() checks the result of PHP's openssl_verify() with a loose boolean negation if (!openssl_verify(...)) { throw ... }. PHP's openssl_verify has four possible return values: |…

8.2CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-52767
Vendorcomposer
Affected Productyeswiki/yeswiki
Vulnerability TypeVulnerability
CVSS Score8.2 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary

HttpSignatureService::verifySignature() checks the result of PHP's openssl_verify() with a loose boolean negation - if (!openssl_verify(...)) { throw ... }. PHP's openssl_verify has four possible return values: | return | meaning | !return | | ------ | ------------------------------------------------ | --------- | | 1 | signature is valid | false | | 0 | signature is invalid | true ✓ | | -1 | the verify call itself failed (internal error) | false | | false| input rejected by PHP's argument validation | true ✓ | The -1 row is the bypass: PHP's truthiness rules make -1 a truthy value, so !(-1) === false, the throw is skipped, and the controller proceeds to processActivity(). Any condition that makes OpenSSL's EVP_VerifyFinal() return `

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-52767 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence