VYPR
Critical severity9.8NVD Advisory· Published Jan 3, 2022· Updated Jun 17, 2026

CVE-2021-25981

CVE-2021-25981

Description

In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the admin’s still-valid session token even when logged-out, to gain admin privileges, given the attacker is able to obtain that token (via other, hypothetical attacks)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Talkyard/Talkyardllm-create
    Range: v0.2021.20 through v0.2021.33, v0.2021.20 through v0.2021.34
  • debiki/Talkyardllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: v0.2021.20

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.