Unrestricted Account Creation in stoatchat by Stoat Technologies
CVE-2024-58360

6.9MEDIUM

Key Information:

Vendor

Stoatchat

Status
Vendor
CVE Published:
16 July 2026

What is CVE-2024-58360?

The identified vulnerability in stoatchat versions prior to 0.7.8 allows attackers to bypass essential account creation safeguards. The lack of enforcement for invite-only mode, email verification, captcha, and shield verification means that malicious users can create an unlimited number of accounts using unverified email addresses. This flaw significantly increases the risk of denial-of-service attacks, undermining the overall integrity of the service and potentially leading to broader security concerns.

Affected Version(s)

stoatchat 0 < 0.7.8

stoatchat 0.7.8

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.