CVE-2026-31283
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Description
In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-770
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!