HIGH
fossasia
CVE published 2026-07-17
CVE-2026-63101
CVE-2026-63101 is a high-severity vulnerability in Open Event Server through version 1.19.1. The vulnerability allows unauthenticated attackers to export the complete member roster of any group, including sensitive information such as email addresses, names, join dates, and roles. This is achieved by exploiting the unauthenticated POST endpoint for CSV export of group followers, which lacks proper authent [truncated]