PT-2026-49717 · Forem · Forem
Published: 2026-06-16 · Updated: 2026-06-16 · CVE-2026-48780
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only Forem deployments. The issue is patched as of a2ab6d4. As a workaround, some SMTP servers and email delivery providers may drop or refuse to send mail to maliciously crafted email addresses.
Fix
Weakness Enumeration: Improper Authentication
Related Identifiers: CVE-2026-48780
Affected Products: Forem