CVE-2026-8670 | THREATINT

Description

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

PUBLISHED Reserved 2026-05-15 | Published 2026-05-22 | Updated 2026-05-22 | Assigner NCSC.ch

CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-613 Insufficient session expiration

Product status

Default status

unaffected

Any version before 25.3.1

affected

Credits

Vicxer Inc. finder

References

support.avantra.com/hc/en-us/articles/5533929912351 vendor-advisory

cve.org (CVE-2026-8670)

nvd.nist.gov (CVE-2026-8670)

Download JSON