CVE-2026-59713 - Leantime - OIDC Login CSRF via Unconditional State Verification Stub
CVE ID :CVE-2026-59713
Published : July 6, 2026, 9:16 p.m. | 1 hour, 28 minutes ago
Description :Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attacker.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : July 6, 2026, 9:16 p.m. | 1 hour, 28 minutes ago
Description :Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attacker.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...