Tag
An unauthenticated attacker can perform actions on behalf of a user initiating a password reset in Payload CMS versions prior to 3.79.1 due to a flaw in the password recovery flow, potentially leading to account takeover or privilege escalation.