Lab + writeup for CVE-2026-44166: PocketBase OAuth2 account pre-hijacking via unvalidated createData.email
golang oauth2 exploit poc bug-bounty vulnerability cve access-control authentication-bypass account-hijacking account-takeover security-research pocketbase cve-2026-44166 pre-hijacking
-
Updated
Jun 11, 2026 - Python