Zulip: Improper Authentication Validation Allows Unauthorized Account Creation

In Zulip versions prior to 10.2 a high severity vulnerability CVE-2025-31478 was detected. This vulnerability allows attackers to create accounts in organizations configured to use SSO-only authentication, even without having an account with the configured SSO backend. To address this issue, users should upgrade Zulip to version 10.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31478.