The missing authorization allows any authenticated user to revoke any team invitations on a coolify instance by only providing a predictable and incrementing ID, resulting in a Denial-of-Service attack (DOS).

PoC

App\Livewire\Team\Invitations::deleteInvitation(int $invitation_id);