CVE-2026-31283
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Apr 13, 2026
Vendor
unknown
Description
In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack.