Description
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.
Published: 2026-05-23
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in UserSpice 4.3.24 permits an unauthenticated attacker to discover which usernames exist in the system. By sending a POST request to existingUsernameCheck.php and examining the response for the string taken, an attacker can enumerate all valid accounts. This information can be used to launch credential‑guessing, phishing, or other targeted attacks. The flaw is a classic username‑enumeration weakness identified as CWE‑204.

Affected Systems

Affected systems are installations built with UserSpice version 4.3.24. The CNA data does not list other affected versions. Administrators should confirm whether the system runs this release and assess whether a patch or upgrade is required.

Risk and Exploitability

The CVSS score of 9.3 indicates a severe flaw, while no EPSS score is available and the vulnerability is not catalogued in CISA KEV. The likely attack vector is over the network via HTTP; the attacker requires no authentication, and enumeration can be automated by sending multiple POST requests to the endpoint. Because the response reveals whether a username is taken, the risk of subsequent attacks is high.

Generated by OpenCVE AI on May 23, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a newer UserSpice version that removes or secures the existingUsernameCheck.php endpoint.
  • Configure the web server to restrict access to existingUsernameCheck.php, such as limiting requests to trusted IP addresses or enforcing authentication.
  • Monitor traffic for repeated POST requests to the endpoint and set up alerts for suspicious enumeration attempts.

Generated by OpenCVE AI on May 23, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 25 May 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Userspice
Userspice userspice
Vendors & Products Userspice
Userspice userspice

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.
Title userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
Weaknesses CWE-204
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Userspice Userspice
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T13:27:55.786Z

Reserved: 2026-05-23T15:34:00.756Z

Link: CVE-2018-25350

cve-icon Vulnrichment

Updated: 2026-05-26T13:27:52.870Z

cve-icon NVD

Status : Deferred

Published: 2026-05-23T19:16:55.120

Modified: 2026-05-26T19:37:32.587

Link: CVE-2018-25350

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T11:33:27Z

Weaknesses
  • CWE-204

    Observable Response Discrepancy