4 matches found
CVE-2026-9103 Unauthenticated Superuser Token Issuance via Auto-Login Endpoint
IBM Langflow OSS 1.0.0 through 1.10.0 could allow a remote attacker to gain unauthorized access due to improper authentication in the /api/v1/login/autologin endpoint. The endpoint issues long-lived superuser bearer tokens without requiring authentication when the AUTOLOGIN configuration is enabl...
CVE-2025-0663
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
CVE-2025-0663 Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...
PT-2025-39180
Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A cross-tenant authentication issue exists because of a flawed cryptographic design in Adaptive Authentication. A single cryptographic key is used for all tenants to sign authentication...