Home

Description

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.

PUBLISHED Reserved 2025-09-19 | Published 2026-03-04 | Updated 2026-03-04 | Assigner 2N




MEDIUM: 6.0CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-613 Insufficient Session Expiration

Product status

Default status
unaffected

Any version before 3.5
affected

References

www.2n.com/en-GB/download/cve_2025_59786_acom_3_5_v1pdf vendor-advisory

cve.org (CVE-2025-59786)

nvd.nist.gov (CVE-2025-59786)

Download JSON