account-takeover 2

• (CVE-2026-41873) Apache Pony Mail CRLF Injection and SSRF Leading to Full Account Takeover Apr 28, 2026
• Authenticated Arbitrary File Read via Race Condition leads to 0-Click Account Take Over on n8n Apr 15, 2026