Description

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature is enabled. This also elevates the user accepting the amendment as the author of the original proposal as people amending proposals are provided coauthorship on the coauthorable resources. Versions 0.30.5 and 0.31.1 fix the issue. As a workaround, disable amendment reactions for the amendable component (e.g. proposals).

INFO

Published Date :

2026-04-21T19:08:28.239Z

Last Modified :

2026-04-21T19:35:55.139Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40869 vulnerability.

Vendors Products
Decidim
  • Decidim
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40869.

URL Resource
https://github.com/decidim/decidim/commit/1b99136a1c7aa02616a0b54a6ab88d12907a57a9 cve-icon cve-icon
https://github.com/decidim/decidim/security/advisories/GHSA-w5xj-99cg-rccm cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact