CTFd v3.3.1 is available now with a security fix for an issue where users could join a team without knowing the team password or having a team invite.
The malicious user would not have gained any additional permissions on the team or within CTFd, however it is possible that a user could force themselves into a team and then potentially be given some kind of award based on the team's participation.
The issue was only present in CTFd v3.3.0 however we recommend all users upgrade to v3.3.1. All Hosted CTFd instances have already received this update.
The full albeit small changelog can be seen on Github here: https://github.com/CTFd/CTFd/releases/tag/3.3.1.