← العودة للجدول
CVE-2026-10130
CVE-2026-10130 — QueryWeaver contains an authentication bypass vulnerability that allows unauthen
📅 2026-07-18
🟠 High 🔥 No NVD Vulnerability Vulnerability CVSS 8.2

📋 الوصف الكامل

QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching Identity via a Cypher MERGE operation before checking whether the email belongs to an existing account,

💻 الأنظمة المتأثرة

⚠️ نوع التهديد

Vulnerability

🔗 CVE ID

CVE-2026-10130

📡 المصدر

NVD

✅ الحلول والتخفيف

Refer to CVE-2026-10130 NVD advisory

🔗 المصدر الأصلي ← 📘 NVD ← ⚡ CISA KEV ← 🔍 Valters IT ←