CVE-2026-40305
Received Received - Intake
Forced Friend Request Acceptance Vulnerability in DNN CMS Friends Feature

Publication date: 2026-04-17

Last updated on: 2026-04-24

Assigner: GitHub, Inc.

Description
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40305
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dnnsoftware dotnetnuke From 6.0.0 (inc) to 10.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the DNN (DotNetNuke) web content management platform versions starting from 6.0.0 up to before 10.2.2. It affects the 'friends' feature, where a user can craft a specially designed request that forces another user to accept a friend request without their consent.

Impact Analysis

The vulnerability can lead to unauthorized acceptance of friend requests on behalf of other users. This could result in unwanted connections or relationships being established within the platform, potentially exposing users to privacy risks or social engineering attacks.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade DNN (DotNetNuke) to version 10.2.2 or later, as this version patches the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40305. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart