flarum is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly check access for post creation when the first post is deleted, allowing an attacker who can view the discussion to create new malicious replies via the REST API, even with reply permission or lock status.Read More