CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

EUVD-2026-12659

A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the attack...

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

CVE-2026-4349 Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

CVE-2026-4349 Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

CVE-2026-4349

A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument idtokenhint causes improper authentication. It is possible to initiate the...

CVE-2026-4349

CVE-2026-4349 affects Duende IdentityServer 4; vulnerable component is the Token Renewal Endpoint under /connect/authorize, where manipulation of the id_token_hint argument leads to improper authentication. The issue is described as remote-exploitable with high attack complexity, but the provided...

Duende IdentityServer 授权问题漏洞

Duende IdentityServer is an open-source framework developed by Duende for ASP.NET Core, which adheres to standard OpenID Connect and OAuth 2.x protocols. Duende IdentityServer has a vulnerability related to authorization. This vulnerability stems from incorrect handling of the parameter idtokenhi...

PT-2026-25949

A vulnerability was determined in Duende IdentityServer 4. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id token hint causes improper authentication. It is possible to initiate the attack...

EUVD-2024-3141

Malicious code in bioql PyPI...

EUVD-2024-2334

Malicious code in bioql PyPI...

EUVD-2024-48178

Malicious code in bioql PyPI...

EUVD-2025-4683

Malicious code in bioql PyPI...

CVE-2024-49755

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api endpoints even...

CVE-2024-51987

Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...

CVE-2024-39694

Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it t...

CVE-2025-26620

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...

CVE-2025-26620

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...

CVE-2025-26620

CVE-2025-26620 describes a race condition in Duende.AccessTokenManagement when multiple concurrent requests for client credentials tokens use varying TokenRequestParameters. The issue can cause concurrent requests to return tokens with incorrect protocol parameters (scope, resource indicator, etc...

CVE-2025-26620 Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens

Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using differing protoco...