CVE-2026-8670
9.6 CRITICAL
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Re...
Published: 2026-05-22 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 9.6 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- CWE: CWE-613
Affected products
| Vendor | Product |
|---|---|
| avantra | avantra |
Description
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-8673 — Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks (5.9 MEDIUM)
- CVE-2026-8672 — Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords (5.1 MEDIUM)
- CVE-2026-8671 — Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Expo... (7.5 HIGH)
Same CWE
- CVE-2026-46657 — Bludit is a content management system (7.1 HIGH)
- CVE-2026-46656 — Bludit is a content management system (8.8 HIGH)
- CVE-2026-46401 — HAX CMS helps manage microsite universe with PHP or NodeJs backends
- CVE-2026-48726 — A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: t... (6.5 MEDIUM)
- CVE-2026-44648 — SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generat... (7.5 HIGH)