External risk intelligence

DokuWiki Account Creation via Self-Registration Flaw

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-37106

DokuWiki is commonly deployed as a public-facing web application. While this specific vulnerability relates to a self-registration feature, the application itself is a web platform designed for content management and collaboration, which is frequently exposed to the internet in real-world deployments.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical security issue has been identified in DokuWiki, a web-based content management system. This vulnerability could allow unauthorized remote access, potentially enabling the creation of new user accounts without proper authentication if the system is configured for self-registration. The main concern is to confirm if this specific self-registration feature is enabled and if the system is exposed externally.

  • Unauthorized account creation possible.
  • Confirm if self-registration is enabled.
  • Assess external exposure and configuration.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by accessing the DokuWiki registration page. If self-registration is enabled, the attacker can then create a new account without any prior authentication, potentially leading to unauthorized access and modification of wiki content.

  • No authentication required.
  • Submitting the registration form.
  • Unauthorized account creation.

Live Threat

Current exploitation, exposure, and threat context

When supported by the advisory's self-registration configuration, this vulnerability could allow a remote attacker to create an account via the register function. This could lead to unauthorized access and modification of wiki content.

  • Wiki content and system data.
  • Remote account creation via register function.
  • Unauthorized access and content modification.

Operational Fix

Recommended remediation, mitigation, and detection steps

This issue likely impacts teams responsible for managing DokuWiki instances, potentially including application owners, infrastructure teams, and security operations. The first step is to determine if self-registration is enabled and if the affected instances are exposed externally. Once confirmed, identify the accountable owner and plan remediation based on the assessed risk, considering potential configuration changes or patching.

  • Confirm self-registration status and external exposure.
  • Identify accountable DokuWiki instance owners.
  • Plan remediation based on risk assessment.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is DokuWiki and what is it used for?

DokuWiki is a popular open-source content management system used to build wikis, knowledge bases, and collaborative documentation sites. It is a file-based application that stores data directly on the server without requiring a database, making it a common choice for hosting technical manuals and team project notes.

What is the CVE-2026-37106 vulnerability?

CVE-2026-37106 refers to a weakness classified as CWE-640, or user account manipulation. It centers on the ability for unauthenticated users to create accounts. While this is often a deliberate feature in some setups, the vulnerability identifies a path where this function could be triggered unexpectedly, potentially allowing unauthorized access to the system.

How does an attacker trigger this vulnerability?

An attacker initiates this by accessing the registration function within the application. It is important to note that this does not trigger if your DokuWiki instance is configured to disable self-registration. The behavior relies specifically on the availability of the registration page, meaning environments with this feature turned off are not susceptible to this path.

Is my DokuWiki instance at risk?

According to Halo Surface Signal, DokuWiki is frequently deployed as a public-facing web platform. If your instance is accessible from the internet and you have enabled self-registration, it is considered higher risk because remote users can reach the registration page. Systems kept on internal, private networks are generally at lower risk.

How should I respond to this advisory?

Start by auditing your DokuWiki configuration to see if self-registration is currently enabled. If it is, evaluate whether this feature is necessary for your users. If you do not require public sign-ups, disabling the feature is the most effective initial step to secure your installation against unauthorized account creation.

References