OffSequence🚨 CRITICAL: CVE-2026-49757 in ash_authentication lets attackers bypass auth by spoofing email in OAuth2/OIDC, risking local account takeover. Patch status unconfirmed — check vendor advisory. Affected: v0.1.0, 5.0.0-rc.0. https://radar.offseq.com/threat/cve-2026-49757-cwe-290-authentication-bypass-by-sp-5df5a500 #OffSeq #CVE202649757 #OAuth2 #infosec
