4 matches found
CVE-2026-39324
CVE-2026-39324 affects Rack::Session::Cookie. From 2.0.0 up to 2.1.1, decryption failures under secrets: allow cookies to be decoded by a default coder instead of being rejected, enabling an unauthenticated attacker to forge session data and potentially gain unauthorized access. Affected componen...
Linux Distros Unpatched Vulnerability : CVE-2026-39324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when...
n8n Has External Secrets Authorization Bypass in Credential Saving
Impact: An authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the externalSecret:list permission check and allowed access to secrets stored in...
CVE-2026-33722 n8n Has External Secrets Authorization Bypass in Credential Saving
n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the...