PatchSiren

fossasia CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH fossasia CVE published 2026-07-17

CVE-2026-63101

CVE-2026-63101 is a high-severity vulnerability in Open Event Server through version 1.19.1. The vulnerability allows unauthenticated attackers to export the complete member roster of any group, including sensitive information such as email addresses, names, join dates, and roles. This is achieved by exploiting the unauthenticated POST endpoint for CSV export of group followers, which lacks proper authent [truncated]