VYPR
Critical severity9.8NVD Advisory· Published Mar 27, 2026· Updated Apr 2, 2026

CVE-2026-25101

CVE-2026-25101

Description

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session.

This issue was fixed in version 3.17.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:a:bludit:bludit:*:*:*:*:*:*:*:*
    Range: <3.17.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.