CVE-2024-58360 PUBLISHED

stoatchat before 0.7.8 Unrestricted Account Creation

Assigner: VulnCheck
Reserved: 16.07.2026 Published: 16.07.2026 Updated: 16.07.2026

stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
CVSS Score: 6.9

Product Status

Vendor stoatchat
Product stoatchat
Versions Default: unaffected
  • affected from 0 to 0.7.8 (excl.)
  • Version 0.7.8 is unaffected

References

Problem Types

  • Improper Use of Validation Framework CWE