CVE-2026-12581
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. Unauthenticated remote attackers can replace a specific session ID for a user, allowing them to gain the user's privileges once the user logs in.
Risk Assessment
Attackers can take control of a user's account, leading to unauthorized access to system data and functions. This can result in serious security implications for the organization.
Recommendation
It is recommended to implement protections against Session Fixation attacks, such as regenerating session IDs upon login. Additionally, monitoring and analyzing user session logs is advised.
Original NVD description (English source)
EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in.

