CVE-2024-58360
Deferred Deferred - Pending Action

StoaChat Account Creation Bypass Before 0.7.8

Vulnerability report for CVE-2024-58360, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: VulnCheck

Description

stoatchat versions before 0.7.8 fail to enforce account creation restrictions including invite-only mode, email verification, captcha, and shield verification. Attackers can create unlimited accounts with unverified email addresses, increasing denial-of-service risk and compromising service integrity.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
stoatchat stoatchat to 0.7.8 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1173 The product does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in stoatchat versions before 0.7.8 allows attackers to bypass account creation restrictions such as invite-only mode, email verification, captcha, and shield verification. This enables the creation of unlimited accounts with unverified email addresses, which can lead to increased denial-of-service risks and compromise the integrity of the service.

Detection Guidance

To detect this vulnerability, check the installed version of stoatchat. If it is below 0.7.8, the system is vulnerable. Use commands like 'stoatchat --version' or inspect package files for version details. Monitor for unusual account creation activity or unverified email addresses in user databases.

Impact Analysis

This vulnerability can impact you by allowing attackers to create numerous fake accounts, potentially overwhelming your service with traffic or spam. It may also lead to unauthorized access, data breaches, or misuse of your platform's resources.

Compliance Impact

This vulnerability may affect compliance with GDPR and HIPAA by enabling unauthorized account creation, which could lead to data breaches or improper handling of personal information. It undermines controls for user verification and access management required by these regulations.

Mitigation Strategies

Update stoatchat to version 0.7.8 or later to enforce account creation restrictions like invite-only mode, email verification, captcha, and shield verification.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-58360. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart