What is CVE-2026-33137?

CVE-2026-33137 is a vulnerability in Xwiki Xwiki-platform, classified under Missing Authorization. Published 2026-05-20.

Is CVE-2026-33137 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Xwiki Xwiki-platform

CVE-2026-33137

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions starting with 15.10.6 and prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17…

Vulnerability class: Broken Access Control

EPSS: 0.000 (3.6th percentile) — read the EPSS interpretation.

Affected products

Xwiki Xwiki-platform — versions >= 15.10.6, < 16.10.17, >= 17.0.0-rc-1, < 17.4.9, >= 17.5.0, < 17.10.3

Weakness classification (CWE)

CWE-862 — Missing Authorization

Public proof-of-concept exploits

portbuster1337/CVE-2026-33137

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33137?: CVE-2026-33137 is a vulnerability in Xwiki Xwiki-platform, classified under Missing Authorization. Published 2026-05-20.
Is CVE-2026-33137 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.