VYPR

OAuth2

by Apache

CVEs (1)

  • CVE-2026-50629MedJun 12, 2026
    risk 0.34cvss 5.3epss 0.00

    The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are…