Excessive Email Triggering in Tuist Platform for Swift Developers
CVE-2026-44679

6.9 MEDIUM

Key Information:

Vendor: Tuist

CVE Published: 14 May 2026

What is CVE-2026-44679?

The Tuist platform, used by Swift app developers, contains a vulnerability in its forgot password functionality that can be exploited by unauthenticated attackers. Prior to version 1.180.10, the functionality had no server-side throttling, so an attacker could trigger repeated password reset emails for a known user account. The result is excessive, unwanted email traffic to that user, which consumes email delivery resources and can disrupt service. The vulnerability is addressed in version 1.180.10.
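The missing control is server-side throttling of reset requests. The following is an added example of one way to apply it, not Tuist's code or its actual patch: a sliding-window limit keyed on both the target address and the client, with the same reply whether or not mail is sent. The class and function names, the limits and the in-memory store are assumptions made for illustration.

```python
import time
from collections import deque

# Same reply in every case, so throttling does not reveal account state.
GENERIC_REPLY = "If that address is registered, a reset link has been sent."


class ResetThrottle:
    """Sliding-window limiter for password-reset requests (hypothetical helper).

    State lives in process memory here; a multi-node service would keep it
    in a shared store so every node sees the same counters.
    """

    def __init__(self, per_account=3, per_client=10, window=3600.0,
                 clock=time.monotonic):
        self.limits = {"account": per_account, "client": per_client}
        self.window = window
        self.clock = clock
        self.hits = {}  # (kind, key) -> deque of timestamps of accepted requests

    def _recent(self, kind, key, now):
        q = self.hits.get((kind, key))
        if q is None:
            return deque()  # not stored until a request is accepted
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            del self.hits[(kind, key)]  # keep memory bounded
        return q

    def allow(self, email, client_ip):
        now = self.clock()
        keys = {"account": email.strip().lower(), "client": client_ip}
        queues = {kind: self._recent(kind, key, now) for kind, key in keys.items()}
        if any(len(queues[k]) >= self.limits[k] for k in keys):
            return False
        for kind, key in keys.items():
            queues[kind].append(now)
            self.hits[(kind, key)] = queues[kind]
        return True


def handle_forgot_password(throttle, send_email, email, client_ip):
    """Send the reset mail only while under both limits; reply is constant."""
    if throttle.allow(email, client_ip):
        send_email(email)
    return GENERIC_REPLY
```

Keying on the target address bounds the mail one account can receive even when requests arrive from many clients; the per-client key bounds one source spraying many addresses.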

Affected Version(s)

tuist < 1.180.10

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved