Product
An authentication bypass vulnerability, CVE-2026-63101, in Open Event Server through version 1.19.1 allows unauthenticated attackers to export the complete member roster of any group by exploiting unauthenticated CSV export and task status endpoints, leading to the exfiltration of sensitive data like email addresses, names, and roles.