api-token-disclosure 1

• Client-Controlled OrgID Leads to Cross-Tenant Data Exposure | QueryWho Jun 20, 2026