VYPR

Kratos

by Ory

CVEs (2)

  • CVE-2026-33503 | High | Mar 26, 2026
    risk 0.40 | CVSS 7.2 | EPSS 0.00

    Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL injection due to flaws in its pagination implementation. Pagination tokens are encrypted using…

  • CVE-2024-45042 | Medium | Sep 26, 2024
    risk 0.22 | CVSS 4.4 | EPSS 0.00

    Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assume that the identity’s highest available AAL is `aal1` even though it really…