CVE-2026-44679 – Tuist: Forgot password flow lacks throttling for reset email delivery

CVE ID :CVE-2026-44679

Published : May 14, 2026, 8:40 p.m. | 17 minutes ago

Description :Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes of unwanted email and consume downstream email delivery resources. This vulnerability is fixed in 1.180.10.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-6811 – PHP Stack Exhaustion

CVE-2026-45248 – Hedera Guardian Authentication Bypass Information Disclosure

CVE-2026-44671 – ZITADEL: LDAP Filter Injection in Login Flow

CVE-2026-44428 – MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience