Resource exhaustion in Tuist
CVE-2026-44679
Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hos…
EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.
Affected products
- Tuist — versions < 1.180.10
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)