CVE-2026-48780

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N                                    

Vulnerability Description

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of `a2ab6d4`. As a workaround, some SMTP servers and email delivery providers may drop or refuse to send maliciously crafted email addresses.

Vulnerability Details

Published Date

June 16, 2026

Last Modified

June 16, 2026

CWE ID

CWE-287

Source

NVD

Vendor

forem

Product

forem

External References

https://github.com/forem/forem/commit/a2ab6d409d2676eb0711ecbd737192043125b437
https://github.com/forem/forem/security/advisories/GHSA-3g4h-9h37-mpx6

CVE-2026-48780

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment