Browse all 9 CVE security advisories affecting HumHub. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
HumHub is an open-source social networking platform used for building collaborative intranets and community sites. Historically, it has been susceptible to multiple vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, with nine CVEs documented. The platform's modular architecture introduces potential attack surfaces through extensions and plugins. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities in access controls and input validation highlights ongoing security challenges. Regular updates and careful configuration are essential for maintaining secure deployments, as the platform's complexity increases exposure to both known and emerging threats.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-29048 | HumHub: XSS in Button component | humhub | CWE-79 | 5.4 | - | 2026-03-06 |
| CVE-2026-29052 | HumHub Calendar Module: Stored XSS in Event Types | calendar | CWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2025-65963 | CFiles Unauthorized Folder/ZIP Access in Public Spaces | cfiles | CWE-284 | 5.4 | Medium | 2025-11-25 |
| CVE-2025-64442 | HumHub is vulnerable to XSS through its Meta Search component | humhub | CWE-79 | 6.1 | - | 2025-11-07 |
| CVE-2025-54790 | Files: Potential for SQL Injection through File Browse and List Operations | cfiles | CWE-89 | 6.5 | - | 2025-08-01 |
| CVE-2025-54789 | Files is Vulnerable to Reflected Self-XSS through its File Move Functionality | cfiles | CWE-80 | 5.4 | - | 2025-08-01 |
| CVE-2022-31133 | Cross site scripting in HumHub | humhub | CWE-79 | 5.9 | Medium | 2022-07-07 |
| CVE-2022-24865 | Improper access control in humhub | humhub | CWE-200 | 6.5 | Medium | 2022-04-20 |
| CVE-2021-43847 | Authorization Bypass in Space Invite in HumHub | humhub | CWE-285 | 6.5 | Medium | 2021-12-20 |

This page lists every published CVE security advisory associated with HumHub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products, and references. AI-generated Chinese analysis is provided for fast triage.