Tag
DevGuard versions before 1.2.2 are vulnerable to unauthenticated identity assertion via a client-supplied `X-Admin-Token` HTTP request header, potentially granting attackers full control over organizations if they can guess an admin/owner's Kratos identity UUID.