BIT-discourse-2026-53961: Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)
Discourse versions prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 contain a vulnerability in the AWS SES bounce webhook. The webhook verified that SNS messages were signed by Amazon but did not…
Read the full article2d agoen
Comments
Sign in to join the conversation.
No comments yet. Be the first.