10 matches found
CVE-2026-44707
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
CVE-2026-44707
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
CVE-2026-44707 Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
CVE-2026-44707
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
CVE-2026-44707
CVE-2026-44707 (Chatwoot) : From 2.14.0 up to before 4.13.0, an authentication flow vulnerability allows a pre-registered, unowned email to set a password, enabling a Pre-Account Takeover. If the legitimate user later signs in via Google OAuth or another OmniAuth provider, the OAuth flow can sile...
CVE-2026-44707 Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
EUVD-2026-31916
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
PT-2026-43349
Chatwoot is a customer engagement suite. From 2.14.0 to before 4.13.0, a Pre-Account Takeover Pre-ATO vulnerability existed in Chatwoot's authentication flow. Because email confirmation was not enforced before an account became usable, an attacker could pre-register an email address they did not...
Account Takeover and Persistence due to the Oauth Misconfiguration
Team, May you all be well on your side of the screen. : . While Doing some research on thehttps://cal.com/, I was able to find a Pre-Account Takeover vulnerability. Proof of concept: . I have created a video demonstration of the vulnerability and uploaded it to my Google Drive. . The link for the...
S-Pankki: Email/OTP verification bypass leads to Pre-Account Takeover.
Handled in https://jira.sok.fi/browse/VOIK-6267...