2 matches found
CVE-2026-10130
QueryWeaver (CVE-2026-10130) contains an authentication bypass where the signup route unconditionally creates and links a new token to the victim Identity via a Cypher MERGE before verifying email ownership, enabling unauthenticated attackers to obtain valid session tokens for existing accounts a...
PT-2026-60993
QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching...