Back to search
CVE-2026-25101
Published: Mar 27, 2026
Modified: Mar 27, 2026
PUBLISHED
Description
Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in version 3.17.2.
| Vendor | Product | Versions |
|---|---|---|
Bludit | Bludit | affected 0 - < 3.17.2 |
Weaknesses (CWE)
References
https://cert.pl/posts/2026/03/CVE-2026-25099
third-party-advisory
https://github.com/bludit/bludit/releases/tag/3.17.2
release-notes
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now