Loading market data...
← Back to CVE feed

CVE-2026-59713

HIGH CVSS 8.1 View on NVD ↗

Description

Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attacker.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Published: Jul 06, 2026 21:16 UTC Modified: Jul 07, 2026 15:16 UTC