9 matches found

Cvelist
added 2026/06/23 6:11 p.m., 34 views

CVE-2026-54320 Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

CVSS 8.4, EPSS 0.00215
Exploits 0, References 1
Cvelist
added 2026/06/23 12:12 p.m., 32 views

CVE-2026-56222 Capgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindings

Capgo before 12.128.2 contains an authorization bypass vulnerability in POST /private/role_bindings that fails to verify app_id ownership during app-scoped role binding creation. An attacker with administrative privileges in one organization can create role bindings targeting applications owned by...

CVSS 8.6, EPSS 0.00356
Exploits 0, References 2
CVE
added 2026/05/11 5:14 p.m., 39 views

CVE-2026-43639

Bitwarden Server prior to v2026.4.0 is affected by a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/{providerId}/clients/existing, resulting in takeover of the target organization. The issue is restric...

CVSS 9.1, AI score 5.9, EPSS 0.00596
Exploits 1, References 5, Affected Software 1
CNNVD
added 2026/05/11 12:00 a.m., 9 views

bitwarden Security Vulnerability

Bitwarden is an open-source password management backend service developed by Bitwarden. Versions of Bitwarden prior to 2026.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks, allowing users of the provider service to add any organization a...

CVSS 9.1, AI score 5.8, EPSS 0.00596
Exploits 1, References 1
OSV
added 2026/02/21 4:35 a.m., 7 views

CVE-2026-27197 Sentry: Improper Authentication on SAML SSO process allows user identity linking

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVSS 9.1, AI score 5.7, EPSS 0.00435
Exploits 0, References 3
CNNVD
added 2024/06/11 12:00 a.m., 4 views

Amazon AWS Deployment Framework Security Vulnerability

Amazon AWS Deployment Framework is a broad and flexible framework from Amazon.com, Inc. for managing and deploying resources across multiple AWS accounts and regions within an AWS organization. A security vulnerability exists in Amazon AWS Deployment Framework versions prior to 4.0.0 that stems...

CVSS 7.8, AI score 6.8, EPSS 0.00245
Exploits 0, References 6
Hacker One
added 2020/03/31 2:05 a.m., 28 views

Helium: Organization Takeover via invitation API

Hello @helium, today I would like to show you how a malicious user could exploit an IDOR affecting the /invitations resource to gain Administrator privileges inside an organization of which he's part as a reader. Steps to reproduce the bug: Setup: Let's assume that three accounts exist: -...

AI score 0.5
Exploits 0
Hacker One
added 2020/03/08 1:50 p.m., 23 views

Helium: Cleartext Transmission of Sensitive Information Leads to administrator access

The weakness of the program is Cleartext Transmission of Sensitive Information through URL, which leads to administrator access. This program has one feature where we can add users like administrator and read-only, these are roles, into organizations. Here I get the administrator role at same...

AI score 0.7
Exploits 0
Hacker One
added 2020/03/03 6:24 p.m., 25 views

Helium: Organization Takeover

Hello @helium, The console.helium.com application doesn't correctly manage the /membership/ resources and allows a user to escalate privileges in an organization of which he's part just by modifying its role. Steps to reproduce the bug: 1. Let's make two user accounts: - [email protected] A...

AI score 0.6
Exploits 0