PatchSiren

maybe-finance CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH maybe-finance CVE published 2026-07-17

CVE-2026-63100

CVE-2026-63100 is a high-severity vulnerability in Maybe through 0.6.0, allowing authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController. This could disrupt the entire instance by allowing attackers to read and overwrite the operator's Synth API key, toggle public registration settings, [truncated]