CVE-2024-24769
Vantage6: No limit on emails sent for password/MFA reset
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam sender. Note resetting the MFA token requires a correct password, so the potential impact for this is very low. Version 5.0.0 fixes the issue. No known workarounds are available.
| CWE | CWE-400 |
| Vendor | vantage6 |
| Product | vantage6 |
| Published | Jun 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for vantage6 vantage6
Be the first to know when new unknown vulnerabilities affecting vantage6 vantage6 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
vantage6 / vantage6
< 5.0.0