<0.1% probability · 14.5th percentile — 2026-05-11
Affected versions
All deployments utilizing the vulnerable Magic Link authenticator implementation
Summary
This vulnerability is caused by insufficient rate limiting and resource control for invalid authentication requests in the Magic Link flow. Repeated invalid requests trigger uncontrolled memory usage growth on the affected server. This leads to a denial-of-service condition that renders the authentication service unavailable to end users. Impact is isolated to deployments that enable the Magic Link authenticator.
Remediation
Apply the official security patch that adds proper rate limiting and resource controls to the Magic Link authentication implementation. Monitor server memory usage for unexpected growth that could indicate active exploitation. Disable the Magic Link authenticator temporarily if a patch cannot be deployed immediately.
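The sketch below shows one way to pair rate limiting with a resource control for invalid requests. It is an added example, not the vendor's patch or code from this advisory. It assumes failures are counted per client under a hypothetical client key; the class name, parameters and simulated load are constructed for illustration.

```python
from collections import OrderedDict, deque


class BoundedFailureLimiter:
    """Sliding-window limiter for invalid requests with a hard cap on tracked state."""

    def __init__(self, max_failures=5, window=60.0, max_keys=10_000):
        self.max_failures = max_failures  # invalid requests allowed per window
        self.window = window              # window length in seconds
        self.max_keys = max_keys          # upper bound on tracked clients
        self._failures = OrderedDict()    # key -> deque of timestamps, LRU order

    def _prune(self, key, now):
        q = self._failures.get(key)
        while q and now - q[0] >= self.window:
            q.popleft()                   # drop failures older than the window
        if q is not None and not q:
            del self._failures[key]       # forget idle keys so state shrinks again
        return q or None

    def is_blocked(self, key, now):
        q = self._prune(key, now)
        return q is not None and len(q) >= self.max_failures

    def record_failure(self, key, now):
        q = self._prune(key, now)
        if q is None:
            if len(self._failures) >= self.max_keys:
                self._failures.popitem(last=False)  # evict least recently used key
            q = self._failures[key] = deque(maxlen=self.max_failures)
        q.append(now)
        self._failures.move_to_end(key)

    def tracked_keys(self):
        return len(self._failures)


def simulate(n_clients, limiter):
    """Constructed load: n_clients distinct sources, 10 invalid requests each."""
    rejected = 0
    for i in range(n_clients):
        for j in range(10):
            key = f"client-{i}"  # hypothetical client identifier
            if limiter.is_blocked(key, now=float(j)):
                rejected += 1    # refused before any authentication work is done
            else:
                limiter.record_failure(key, now=float(j))
    return rejected, limiter.tracked_keys()
```

Evicting the least recently used key keeps memory bounded but also forgets that client's count, so a per-key limiter like this is normally paired with a global cap on invalid requests.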