CVE-2026-44679 – Tuist: Forgot password flow lacks throttling for reset email delivery

CVE ID :CVE-2026-44679

Published : May 14, 2026, 8:40 p.m. | 17 minutes ago

Description :Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes of unwanted email and consume downstream email delivery resources. This vulnerability is fixed in 1.180.10.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…