Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
"https://github.com/pypa/advisory-database/blob/main/vulns/backend-ai/PYSEC-2026-290.yaml"