Report: Breaking: CVE-2026-42185 - People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation
CVE ID: CVE-2026-42185

Published: May 8, 2026, 7:23 p.m.

Description: People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user (including users with no current domain access) to the Owner role. The exploit requires a single authenticated HTTP request and grants full domain ownership immediately, without any acceptance step from the target. This issue has been patched in version 1.25.0.

Severity: 0.0 | NA
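The missing check described above, modeled as an added example (not code from People or from the 1.25.0 patch): an invitation handler that only verifies the inviter may invite, beside one that enforces a role ceiling. The role names and ordering, the `MailDomain` model, and the pending/accept step are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed role names and ordering for illustration; only Administrator and
# Owner are named in the advisory.
ROLE_RANK = {"viewer": 1, "administrator": 2, "owner": 3}


class InvitationDenied(Exception):
    pass


@dataclass
class MailDomain:  # hypothetical model, not the People schema
    accesses: dict = field(default_factory=dict)  # user -> active role
    pending: dict = field(default_factory=dict)   # user -> role awaiting acceptance


def rank(domain, user):
    """Numeric rank of a user's active role; 0 means no access to the domain."""
    return ROLE_RANK.get(domain.accesses.get(user), 0)


def invite_without_ceiling(domain, inviter, target, role):
    """Flawed pattern: checks only that the inviter may invite."""
    if rank(domain, inviter) < ROLE_RANK["administrator"]:
        raise InvitationDenied("inviter may not send invitations")
    domain.accesses[target] = role  # any role, effective immediately


def invite_with_ceiling(domain, inviter, target, role):
    """Hardened pattern: the granted role may never outrank the inviter."""
    inviter_rank = rank(domain, inviter)
    if role not in ROLE_RANK:
        raise InvitationDenied("unknown role")
    if inviter_rank < ROLE_RANK["administrator"]:
        raise InvitationDenied("inviter may not send invitations")
    if ROLE_RANK[role] > inviter_rank:
        raise InvitationDenied("requested role exceeds inviter's role")
    if rank(domain, target) > inviter_rank:
        raise InvitationDenied("target already outranks inviter")
    domain.pending[target] = role  # assumption: takes effect only on acceptance


def accept(domain, target):
    """The invited user confirms; only now does the role become active."""
    domain.accesses[target] = domain.pending.pop(target)
```

The ceiling comparison belongs in the server-side handler that processes the invitation, since the role value arrives in the request body and cannot be trusted.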