CVE-2026-8670

PUBLISHED
Published: 22 May 2026, 13:12
Last modified:22 May 2026, 15:05

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.6 CRITICAL
v3.1 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

22 May 2026, 13:12
Published
Vulnerability first disclosed
22 May 2026, 15:05
Last Modified
Vulnerability information updated

Description

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

CVSS Metrics

  • v3.1CRITICALScore: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Techniques & Countermeasures

  • CWE-613Insufficient Session Expiration

    According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

Affected Systems

  • syslink software agavantra

    < 25.3.1

References (1)