PT-2026-39188 · People · People
Djnnvx · Published 2026-05-08 · Updated 2026-05-09
CVE-2026-42185
CVSS v3.1: 5.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions
People versions prior to 1.25.0
Description
An issue in the application allows a user with the Administrator role on a mail domain to promote any existing user, including those without current domain access, to the Owner role. This is achieved by sending a crafted invitation request via a single authenticated HTTP request, granting full domain ownership immediately without requiring acceptance from the target user.
Recommendations
Update to version 1.25.0.
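The two server-side checks whose absence the Description implies, a role ceiling on invitations and an acceptance step before access is created, are sketched below as an added example. It is not code from People or from the 1.25.0 fix: `MailDomain`, `invite`, `accept`, `InvitationDenied` and the `viewer` role are hypothetical names chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed role ordering; the advisory names only Administrator and Owner.
RANK = {"viewer": 1, "administrator": 2, "owner": 3}


class InvitationDenied(Exception):
    """Raised when an invitation would grant more than the inviter holds."""


@dataclass
class MailDomain:
    # accesses: user -> role currently held on the domain
    # pending:  user -> role offered by an invitation not yet accepted
    accesses: dict = field(default_factory=dict)
    pending: dict = field(default_factory=dict)

    def invite(self, inviter: str, target: str, role: str) -> str:
        if role not in RANK:
            raise InvitationDenied(f"unknown role {role!r}")
        inviter_rank = RANK.get(self.accesses.get(inviter), 0)
        # Only administrators and owners may invite at all.
        if inviter_rank < RANK["administrator"]:
            raise InvitationDenied("inviter cannot manage this domain")
        # Role ceiling: nobody hands out a role above their own.
        if RANK[role] > inviter_rank:
            raise InvitationDenied("requested role exceeds inviter's role")
        # Never replace an access that outranks the inviter.
        if RANK.get(self.accesses.get(target), 0) > inviter_rank:
            raise InvitationDenied("target outranks inviter")
        # Existing account or not, the grant starts as pending.
        self.pending[target] = role
        return "pending"

    def accept(self, target: str) -> str:
        # Access is created only when the invited user accepts.
        role = self.pending.pop(target)
        self.accesses[target] = role
        return role
```

Both checks run on the server against the stored role of the authenticated inviter, never against a role value supplied in the request.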
Exploit
Fix
LPE
Improper Privilege Management
Affected Products
People