Ah, I had posted this over in [email protected], but I totally forgot to cross-post it over here! It's going to take me a while to remember the communities on lemmy that are relevant and active.
But yeah, it's a pre-auth vulnerability, so definitely patch up asap!