High severity7.5NVD Advisory· Published Apr 30, 2024· Updated Apr 15, 2026

CVE-2024-26331

Description

ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/nvd
www.recrystallize.com/merchant/ReCrystallize-Server-for-Crystal-Reports.htmnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.054
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000