HIGH
maybe-finance
CVE published 2026-07-17
CVE-2026-63100
CVE-2026-63100 is a high-severity vulnerability in Maybe through 0.6.0, allowing authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController. This could disrupt the entire instance by allowing attackers to read and overwrite the operator's Synth API key, toggle public registration settings, [truncated]