From 544b1d983b60002b6105b98941794dd5260a0647 Mon Sep 17 00:00:00 2001 From: Al Snow <43523+jasnow@users.noreply.github.com> Date: Sat, 16 May 2026 07:57:03 -0400 Subject: [PATCH 1/2] Added cvss_v3 field/value --- gems/decidim-core/CVE-2026-23891.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/gems/decidim-core/CVE-2026-23891.yml b/gems/decidim-core/CVE-2026-23891.yml index ea0392327b..d9e82716ca 100644 --- a/gems/decidim-core/CVE-2026-23891.yml +++ b/gems/decidim-core/CVE-2026-23891.yml @@ -31,6 +31,7 @@ description: | [octree](https://octree.ch/) and made by [Secu Labs](https://seculabs.ch/) against Decidim financed by the city of Lausanne (Switzerland). +cvss_v3: 8.7 patched_versions: - "~> 0.30.5" - ">= 0.31.1" From 9f47f3248e68b6bc7a11d915508ff60ed8cc378d Mon Sep 17 00:00:00 2001 From: Al Snow <43523+jasnow@users.noreply.github.com> Date: Tue, 19 May 2026 09:34:53 -0400 Subject: [PATCH 2/2] Update CVE-2026-23891.yml with CVSS v4 and URL Added CVSS v4 score and related URL for CVE-2026-23891. --- gems/decidim-core/CVE-2026-23891.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gems/decidim-core/CVE-2026-23891.yml b/gems/decidim-core/CVE-2026-23891.yml index d9e82716ca..69c821ea2f 100644 --- a/gems/decidim-core/CVE-2026-23891.yml +++ b/gems/decidim-core/CVE-2026-23891.yml @@ -32,11 +32,13 @@ description: | [Secu Labs](https://seculabs.ch/) against Decidim financed by the city of Lausanne (Switzerland). cvss_v3: 8.7 +cvss_v4: 9.3 patched_versions: - "~> 0.30.5" - ">= 0.31.1" related: url: + - https://nvd.nist.gov/vuln/detail/CVE-2026-23891 - https://github.com/decidim/decidim/releases/tag/v0.31.1 - https://github.com/decidim/decidim/releases/tag/v0.30.5 - https://github.com/decidim/decidim/security/advisories/GHSA-fc46-r95f-hq7g
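Review bot: The `cvss_v3: 8.7` line added in PATCH 1/2 has no visible source: the hunk shows no vector string, and the commit message names no record the score was taken from. Downstream scanners usually map this number to a severity band, so a value computed under a different CVSS version would change how the advisory is triaged. Please confirm that 8.7 is a v3.x base score, and name the source in the commit message, for example `cvss_v3 base score from <SOURCE RECORD>`. The same applies to `cvss_v4: 9.3` in PATCH 2/2, although that commit at least adds the NVD URL next to it.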
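Review bot: After PATCH 2/2 the file holds `cvss_v3: 8.7` and `cvss_v4: 9.3`, which fall in different qualitative bands on the CVSS rating scale (High is 7.0–8.9, Critical is 9.0–10.0). A consumer that reads only `cvss_v3` would report this advisory one level lower than one that reads `cvss_v4`; which field a given scanner prefers cannot be seen from this hunk. The difference may be legitimate, since v3 and v4 weight metrics differently, but it should be stated in the commit description so users who see "high" in one tool and "critical" in another can tell it is intended. The `description: |` block and the `related.url` list both extend outside the hunk.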