3 matches found
CVE-2026-63101 Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint
Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...
CVE-2026-63101 Open Event Server 1.19.1 Unauthenticated Member Roster Export via CSV Export Endpoint
Open Event Server through 1.19.1 contains a missing authentication vulnerability that allows unauthenticated attackers to export the complete member roster of any group, including email addresses, names, join dates, and roles, by submitting requests to the group followers CSV export endpoint whic...
CVE-2026-63101
Open Event Server 1.19.1 is affected by an unauthenticated access vulnerability that lets attackers export the full member roster (emails, names, join dates, roles) by calling the group followers CSV export endpoint. The issue arises because the export endpoint lacks authentication and can be tri...