A vulnerability marked as critical has been reported in go-shiori shiori up to 1.7.x. Affected by this issue is some unknown functionality of the component Account Update Endpoint. The manipulation of the argument owner leads to improper authorization.

This vulnerability is uniquely identified as CVE-2026-61463. The attack is possible to be carried out remotely. No exploit exists.