Name of the Vulnerable Software and Affected Versions wallabag versions prior to 2.6.7

Description The issue allows attackers to arbitrarily disable 2FA through "config/otp/app/disable" and "config/otp/email/disable" API endpoints.

Recommendations For versions prior to 2.6.7, upgrade your instance to version 2.6.7 or higher. As a temporary workaround, consider restricting access to the /config/otp/app/disable and /config/otp/email/disable API endpoints to minimize the risk of exploitation.