High severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026
TSPortal: Anyone can forge self-deletion requests of any user
CVE-2026-29788
Description
TSPortal is the WikiTide Foundation’s in-house platform used by the Trust and Safety team to manage reports, investigations, appeals, and transparency work. Prior to version 30, conversion of empty strings to null allows disguising DPA reports as genuine self-deletion reports. This issue has been patched in version 30.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
miraheze/ts-portalPackagist | < 30 | 30 |
Affected products
2- miraheze/TSPortalv5Range: < 30
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-gfhq-7499-f3f2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-29788ghsaADVISORY
- api.laravel.com/docs/12.x/Illuminate/Foundation/Configuration/Middleware.htmlghsaWEB
- github.com/miraheze/TSPortal/security/advisories/GHSA-gfhq-7499-f3f2ghsax_refsource_CONFIRMWEB
- issue-tracker.miraheze.org/T15053ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.