A vulnerability was found in xwiki xwiki-platform up to 16.10.16/17.4.8/17.10.2/18.0.x . It has been classified as critical . The impacted element is an unknown function of the file /wikis/ of the component API . The manipulation leads to missing authorization. This vulnerability is listed as CVE-2026-33137 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.