CVE ID :CVE-2026-13164
Published : June 24, 2026, 3:37 p.m. | 3 hours, 55 minutes ago
Description :Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, because the endpoint applies the AllowAny permission with no email verification, CAPTCHA, or administrator approval. Any account created this way can read all email stored by the instance, resulting in full disclosure of stored messages to an arbitrary unauthenticated attacker
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more… To Read More Visit Read More