1. CVE-2026-7500: Security Patch Closes Improper Access Control Gap on Account API Endpoints
A critical access control vulnerability has been patched in the Account API framework, addressing a scenario where protected endpoints remained reachable even after explicitly disabling the ACCOUNT_API feature flag. The flaw, catalogued as CVE-2026-7500, created a pathway for unauthorized access to account data through...