3 matches found
CVE-2026-33503
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using the secret configur...
PT-2026-26787
Name of the Vulnerable Software and Affected Versions Ory Kratos affected versions not specified Description The ListCourierMessages Admin API in Ory Kratos is susceptible to SQL injection because of issues in its pagination implementation. Pagination tokens are encrypted using a secret configure...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication due to the improper handling of the requiredaal setting in the authentication process. An attacker can bypass multi-factor authentication requirements by exploiting the incorrect storage of availableaal values in...