PT-2026-41122 · Tuist · Tuist
Pepicrft · Published 2026-05-14 · Updated 2026-05-14 · CVE-2026-44679
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Tuist versions prior to 1.180.10
Description
The forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account because there is no server-side throttling. In self-hosted deployments, this can be used to send large volumes of unwanted email and consume downstream email delivery resources.
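The missing control described above, as an added example (not Tuist's code and not the 1.180.10 fix): a server-side sliding-window throttle checked per client address and per target account before any reset email is queued. The class names, limits, handler and status codes are assumptions for illustration.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self._events = defaultdict(deque)

    def hit(self, key, now):
        q = self._events[key]
        while q and now - q[0] >= self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class PasswordResetThrottle:
    # Limits are assumed values for illustration, not taken from the Tuist fix.
    def __init__(self, per_account=(3, 3600), per_client=(10, 3600)):
        self.by_account = SlidingWindowLimiter(*per_account)
        self.by_client = SlidingWindowLimiter(*per_client)

    def should_send(self, email, client_ip, now=None):
        now = time.monotonic() if now is None else now
        # Per-client limit bounds one source cycling through many accounts.
        if not self.by_client.hit(client_ip, now):
            return False
        # Per-account limit bounds mail to one address across many sources.
        return self.by_account.hit(email.strip().lower(), now)


def handle_forgot_password(throttle, outbox, email, client_ip, now=None):
    """Hypothetical handler: queue a reset email only when the throttle allows."""
    if not throttle.should_send(email, client_ip, now):
        return 429  # Too Many Requests; nothing is handed to the mail system
    outbox.append(email.strip().lower())
    return 202


if __name__ == "__main__":
    throttle, outbox = PasswordResetThrottle(), []
    # Constructed burst: 100 requests for one account from 100 source addresses.
    for i in range(100):
        handle_forgot_password(throttle, outbox, "dev@example.com", f"198.51.100.{i}", float(i))
    print(len(outbox), "reset emails queued out of 100 requests")
```

The counters here live in one process's memory; a deployment with several application nodes needs the same check against a shared store so the limit holds across nodes.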
Recommendations
Update to version 1.180.10.
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Tuist