โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-50631
CVE-2026-50631 โ€” A race condition in AbstractOAuthDataProvider allows concurrent requests using t
๐Ÿ“… 2026-06-12
๐ŸŸ  High ๐Ÿ”ฅ No NVD Data Breach OT/ICS CVSS 7.4

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and generate multiple valid Access Tokens, when 'recycleRefreshTokens' is set to false. A leaked refresh token can be replayed concurrently by multiple attackers or threads.ย Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issu

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Data Breach

๐Ÿ”— CVE ID

CVE-2026-50631

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

NVD

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Update to v4.2.2

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†