CVE-2026-5085 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: April 13, 2026
Solstice::Session - Authentication Bypass
Published: April 13, 2026 | Updated: April 13, 2026 | Remote Exploitable
Overview
Solstice::Session through version 1440 contains a broken authentication flaw caused by insecure session ID generation: IDs are built from predictable epoch time, a weakly seeded rand(), and the process ID. This lets attackers guess session IDs to gain unauthorized access. Exploitation requires no special privileges.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can predict session IDs to gain unauthorized access to user sessions, potentially compromising system security.
Mitigation
Update to the latest version with secure session ID generation.
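For code that cannot be updated right away, the following added example (not Solstice::Session's own code, nor its fix) shows what secure session ID generation looks like in Perl: 128 bits drawn from the kernel CSPRNG, with no dependence on time, rand() or the process ID. The helper names are hypothetical, and a Unix-like system with /dev/urandom is assumed.

```perl
#!/usr/bin/perl
# Added example: CSPRNG-backed session IDs. Helper names are hypothetical.
use strict;
use warnings;

# Return exactly $n bytes from the kernel CSPRNG.
# Dies on any failure instead of silently falling back to rand().
sub csprng_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = read($fh, my $chunk, $n - length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom"    if $got == 0;
        $buf .= $chunk;
    }
    close($fh);
    return $buf;
}

# 128-bit session ID encoded as 32 lowercase hex characters.
sub new_session_id {
    return unpack('H*', csprng_bytes(16));
}

# Reject anything that is not in the expected shape before it
# reaches the session store lookup.
sub is_well_formed_session_id {
    my ($id) = @_;
    return (defined($id) && $id =~ /\A[0-9a-f]{32}\z/) ? 1 : 0;
}

# Self-check: every generated ID is well formed and none repeat.
my %seen;
for (1 .. 1000) {
    my $id = new_session_id();
    die "malformed id" unless is_well_formed_session_id($id);
    die "duplicate id" if $seen{$id}++;
}
print "generated ", scalar(keys %seen), " unique 128-bit session IDs\n";
```

Session IDs issued by the old generator stay guessable after the generator is replaced, so existing sessions should be invalidated when the change is deployed.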
Details
- CVE ID: CVE-2026-5085
- Severity: Critical
- CVSS Score: 9.1
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-338
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N