2 matches found
CVE-2026-49757
creationtimestamp| type| source ---|---|--- 2026-06-15 13:27:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3modf7q5hpd23 2026-06-15 18:00:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3modugpemgd2a 2026-06-15 18:00:18+00:00| seen|...
CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined sign-in...