CVE-2026-63101
Open Event Server 1.19.1 is affected by an unauthenticated access vulnerability that lets attackers export the full member roster (emails, names, join dates, roles) by calling the group followers CSV export endpoint. The issue arises because the export endpoint lacks authentication and can be tri...