CVE-2026-35383
Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could have used this token to enumerate or delete assets. As of 2026-03-27, the token is no longer present in the pages and cannot be used to enumerate or delete assets. T...