Lucene search
K

4 matches found

NVD
NVD
added 2026/05/14 5:16 p.m.44 views

CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 4:17 p.m.32 views

CVE-2026-44511

Katalyst Koi (Rails admin framework) had a session-cookie handling flaw: before versions 4.20.0 and 5.6.0, admin session cookies were not invalidated at logout, allowing an attacker with a valid cookie to access admin functionality after logout until expiration or rotation. Affected versions incl...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 4:17 p.m.4 views

CVE-2026-44511 Katalyst Koi: Session cookies can be replayed after user logout

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS6AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38363

Name of the Vulnerable Software and Affected Versions Katalyst Koi versions prior to 5.6.0 Katalyst Koi versions prior to 4.20.0 Description Admin session cookies are not invalidated upon logout. This allows an attacker who has obtained a valid admin session cookie—through exposure, caching, or...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References6
Rows per page
Query Builder