The WordPress Team has just release WordPress version 2.6.2.

This is a security release especially for those who have open registration on their blogs. The attack is complex and is dependent on open registration being turned on in your blog but can be executed in theory and turns out to be more of an annoyance than an actual exploit.