CVE-2026-44986 - Penpot: Pre-authenticated account takeover via team-invitation token + prepare-register-profile
CVE ID :CVE-2026-44986 Published : July 15, 2026, 4:16 p.m. | 17 minutes ago Description :Penpot is an open-source design tool for design and code collaboration. Prior to 2.14.5, Penpot exposed teams_invitations.clj invitation tokens from create-team-invitations, embedded an existing profile...