Requarks Wiki.js Authentication Bypass

CRITICAL (9.1)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 0.04% chance of exploitation (percentile: 14%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

Requarks Wiki.js is a popular open-source wiki software, used by many organizations to manage their documentation and knowledge base. The vulnerability in Requarks Wiki.js 2.5.307 allows attackers to bypass authentication and gain unauthorized access to the system, even after logging out.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Packages

npm: requarks-wiki

How to fix

To fix this vulnerability, upgrade to Requarks Wiki.js version 2.5.308 or later, for example by running npm install requarks-wiki@2.5.308 (or your package manager's equivalent command).

Immediate mitigations include:

  • Restrict network access to your Requarks Wiki.js instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation
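One way to carry out the audit step for this issue, as an added example that is not part of the advisory or of Wiki.js: flag any session token that is still accepted after its own logout request. The log format, the token-fingerprint field and the /logout route are assumptions; the sample lines are constructed.

```python
import re
from datetime import datetime

# Constructed log format (assumption):
#   "<ISO time> tok=<session token fingerprint> <METHOD> <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) tok=(?P<tok>[0-9a-f]+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3})$"
)
LOGOUT_PATH = "/logout"  # assumed logout route; adjust to your deployment

# Constructed sample data, not taken from a real system.
SAMPLE_LOG = """\
2024-01-10T09:00:00Z tok=ab12cd34 GET /a/dashboard 200
2024-01-10T09:05:00Z tok=ab12cd34 GET /logout 302
2024-01-10T09:20:00Z tok=ab12cd34 GET /a/users 200
2024-01-10T09:21:00Z tok=ef56ab78 GET /a/dashboard 200
2024-01-10T09:30:00Z tok=ef56ab78 GET /logout 302
2024-01-10T09:31:00Z tok=ef56ab78 GET /a/dashboard 401
not a log line
"""

def parse(line):
    """Return (time, token, path, status), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["tok"], m["path"], int(m["status"])

def find_post_logout_use(log_text):
    """List (token, path, seconds_since_logout) for accepted post-logout requests."""
    # Sort by timestamp so merged or out-of-order log files are handled.
    events = sorted(e for e in map(parse, log_text.splitlines()) if e)
    logged_out = {}  # token fingerprint -> time of its first successful logout
    findings = []
    for ts, tok, path, status in events:
        if path == LOGOUT_PATH and status < 400:
            logged_out.setdefault(tok, ts)
        elif tok in logged_out and status < 400:
            # The server still honoured a token that had already logged out.
            findings.append((tok, path, (ts - logged_out[tok]).total_seconds()))
    return findings

if __name__ == "__main__":
    for tok, path, delay in find_post_logout_use(SAMPLE_LOG):
        print(f"token {tok} accepted on {path} {delay:.0f}s after logout")
```

A 401 or 403 after logout is not flagged, since that is the server correctly rejecting the token.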
