Critical severity9.1NVD Advisory· Published May 8, 2026· Updated May 8, 2026

CVE-2013-10075

Description

Apache::Session versions through 1.94 for Perl re-creates deleted sessions.

The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.

Affected products

Pachno/Apache Sessioninferred
Range: <=1.94
Package: https://pypi.org/project/apache-session
Apache/Apache
cpe:2.3:a:chorny:apache\:\:session:*:*:*:*:*:perl:*:*
Range: <=1.94

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2026/05/08/12nvdMailing ListThird Party Advisory
rt.cpan.org/Public/Bug/Display.htmlnvdIssue TrackingMailing List

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000