Unknown · Frontend User Registration · CVE-2026-46721
**Name of the Vulnerable Software and Affected Versions**
Frontend User Registration (sf register) (affected versions not specified)
**Description**
The create and edit flows fail to restrict submitted user properties and do not enforce access control on frontend user group assignments. This allows an attacker to assign an arbitrary frontend user group to a newly registered or edited account, leading to unauthorized access to content and functionality reserved for privileged frontend user groups.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.