CVE-2026-59099
Severity: Critical (CVSS 9.1)
Exploitation Probability (EPSS): Low risk, 28th percentile (higher than 28% of all known CVEs)
Summary (original NVD description)
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.
Risk Assessment
The risk is that an unauthenticated attacker can decrypt sensitive user session data, potentially leading to account takeover, privilege escalation, or theft of sensitive organizational data.
Recommendation
Immediately upgrade Apereo CAS to version 8.0.0-RC6 or later, which fixes this vulnerability by ensuring a unique initialization vector for each encryption.
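To make the summary and the recommendation concrete, here is an added Go example; it is not CAS code (which is Java) and not from the Apereo project. It puts the flawed pattern (one key, a fixed all-zero IV) beside the corrected one (a fresh random IV per encryption) and adds the regression check a maintainer would want: under the flawed pattern the XOR of two ciphertexts equals the XOR of their plaintexts over the common prefix, which is exactly the keystream reuse the advisory describes, and under the corrected pattern it does not. The key, function names and message contents are constructed for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// DemoKey is a constructed 32-byte key (AES-256); real deployments load theirs from config.
var DemoKey = []byte("0123456789abcdef0123456789abcdef")
// gcmFor builds the AEAD; the key length is fixed here, so failure is a programming error.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// SealFixedIV reproduces the flawed pattern: one key and an all-zero IV for every
// call, so every message is XORed with the same CTR keystream.
func SealFixedIV(key, plaintext []byte) []byte {
	iv := make([]byte, 12) // all zeros, identical for the life of the process
	return gcmFor(key).Seal(nil, iv, plaintext, nil)
}

// SealFreshIV is the corrected pattern: a random 96-bit IV per call, prepended
// to the output so the decrypting side can recover it.
func SealFreshIV(key, plaintext []byte) ([]byte, error) {
	iv := make([]byte, 12)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return append(iv, gcmFor(key).Seal(nil, iv, plaintext, nil)...), nil
}

// KeystreamReused is a regression check: in a CTR-based mode such as GCM, c1 XOR c2
// equals p1 XOR p2 over the common prefix exactly when the keystream repeated.
func KeystreamReused(c1, c2, p1, p2 []byte) bool {
	for i := 0; i < len(p1) && i < len(p2); i++ {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}
```

In a test suite, KeystreamReused over two messages sealed by the production code should always report false; a true result means the IV is being reused.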