CVE Catalog

CVE-2026-12581

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile - higher than 21% of all known CVEs

Summary

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. Unauthenticated remote attackers can replace a specific session ID for a user, allowing them to gain the user's privileges once the user logs in.

Risk Assessment

Attackers can take control of a user's account, leading to unauthorized access to system data and functions. This can result in serious security implications for the organization.

Recommendation

It is recommended to implement protections against Session Fixation attacks, such as regenerating session IDs upon login. Additionally, monitoring and analyzing user session logs is advised.

Original NVD description (English source)

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS