Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    263 vulnerabilities by WSO2

    CVE-2026-4249 (GCVE-0-2026-4249)

    Vulnerability from nvd – Published: 2026-07-06 10:16 – Updated: 2026-07-06 11:03
    VLAI
    Title
    Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption
    Summary
    The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition. Successful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-707 - Use of Out-of-Scope Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.54 (custom)
    Affected: 4.6.0 , < 4.6.0.18 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.53 (custom)
    Affected: 4.6.0 , < 4.6.0.18 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.55 (custom)
    Affected: 4.6.0 , < 4.6.0.19 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.470 (custom)
    Affected: 3.2.1 , < 3.2.1.89 (custom)
    Affected: 4.0.0 , < 4.0.0.390 (custom)
    Affected: 4.1.0 , < 4.1.0.254 (custom)
    Affected: 4.2.0 , < 4.2.0.194 (custom)
    Affected: 4.3.0 , < 4.3.0.105 (custom)
    Affected: 4.4.0 , < 4.4.0.69 (custom)
    Affected: 4.5.0 , < 4.5.0.54 (custom)
    Affected: 4.6.0 , < 4.6.0.18 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T11:03:16.637529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T11:03:48.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.54",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.18",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.53",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.18",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.55",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.19",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.470",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.89",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.390",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.254",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.194",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.105",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.69",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.54",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.18",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.54",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.18",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.53",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.18",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.55",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.19",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.470",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.89",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.390",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.254",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.194",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.105",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.69",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.54",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.18",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition.\n\nSuccessful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations."
                }
              ],
              "value": "The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition.\n\nSuccessful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-10",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-10 CAPEC-10: Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "CWE-707: Use of Out-of-Scope Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T10:16:56.055Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2026-5236",
            "discovery": "INTERNAL"
          },
          "title": "Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2026-4249",
        "datePublished": "2026-07-06T10:16:56.055Z",
        "dateReserved": "2026-03-16T05:47:35.673Z",
        "dateUpdated": "2026-07-06T11:03:48.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8591 (GCVE-0-2025-8591)

    Vulnerability from nvd – Published: 2026-07-06 10:16 – Updated: 2026-07-06 11:05
    VLAI
    Title
    Reflected Cross-Site Scripting via URL Parameter in Multiple WSO2 Products Enables UI Modification
    Summary
    The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can cause the user's browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.381 (custom)
    Affected: 5.10.0 , < 5.10.0.384 (custom)
    Affected: 6.0.0 , < 6.0.0.255 (custom)
    Affected: 7.0.0 , < 7.0.0.131 (custom)
    Affected: 7.1.0 , < 7.1.0.21 (custom)
    Affected: 7.1.0 , < 7.1.0.51 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.1.0 (custom)
    Affected: 3.1.0 , < 3.1.0.355 (custom)
    Affected: 3.2.0 , < 3.2.0.459 (custom)
    Affected: 3.2.1 , < 3.2.1.78 (custom)
    Affected: 4.0.0 , < 4.0.0.380 (custom)
    Affected: 4.1.0 , < 4.1.0.243 (custom)
    Affected: 4.2.0 , < 4.2.0.183 (custom)
    Affected: 4.3.0 , < 4.3.0.94 (custom)
    Affected: 4.4.0 , < 4.4.0.58 (custom)
    Affected: 4.5.0 , < 4.5.0.43 (custom)
    Affected: 4.6.0 , < 4.6.0.7 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.44 (custom)
    Affected: 4.6.0 , < 4.6.0.8 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.42 (custom)
    Affected: 4.6.0 , < 4.6.0.7 (custom)
    Create a notification for this product.
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.42 (custom)
    Affected: 4.6.0 , < 4.6.0.7 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking AM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.404 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server as Key Manager Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.375 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking IAM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.424 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T11:04:42.314721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T11:05:59.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.381",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.384",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.255",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.131",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.21",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.51",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.1.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.355",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.459",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.78",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.380",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.243",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.183",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.94",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.58",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.43",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.44",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.8",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.42",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.42",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking AM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.404",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.375",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.424",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.381",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.384",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.255",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.131",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.21",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.51",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.1.0.355",
                      "versionStartIncluding": "3.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.459",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.78",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.380",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.243",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.183",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.94",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.58",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.43",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.7",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.44",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.8",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.42",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.7",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.42",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.7",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.404",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.375",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.424",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user\u0027s browser. This condition allows an attacker to inject malicious script content into pages served by the application.\n\nBy leveraging this weakness, an attacker can cause the user\u0027s browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking."
                }
              ],
              "value": "The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user\u0027s browser. This condition allows an attacker to inject malicious script content into pages served by the application.\n\nBy leveraging this weakness, an attacker can cause the user\u0027s browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 CAPEC-242: Cross-Site Scripting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T10:16:53.685Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4343",
            "discovery": "INTERNAL"
          },
          "title": "Reflected Cross-Site Scripting via URL Parameter in Multiple WSO2 Products Enables UI Modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-8591",
        "datePublished": "2026-07-06T10:16:53.685Z",
        "dateReserved": "2025-08-05T11:53:15.931Z",
        "dateUpdated": "2026-07-06T11:05:59.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1248 (GCVE-0-2024-1248)

    Vulnerability from nvd – Published: 2026-07-04 20:38 – Updated: 2026-07-06 13:50
    VLAI
    Title
    Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation
    Summary
    The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user. Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-298 - Improper Handling of Identity During Provisioning
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.0.0 (custom)
    Affected: 3.0.0 , < 3.0.0.153 (custom)
    Affected: 3.1.0 , < 3.1.0.267 (custom)
    Affected: 3.2.0 , < 3.2.0.351 (custom)
    Affected: 4.0.0 , < 4.0.0.269 (custom)
    Affected: 4.1.0 , < 4.1.0.169 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.8.0 (custom)
    Affected: 5.8.0 , < 5.8.0.101 (custom)
    Affected: 5.9.0 , < 5.9.0.138 (custom)
    Affected: 5.10.0 , < 5.10.0.284 (custom)
    Affected: 5.11.0 , < 5.11.0.321 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server as Key Manager Unknown: 0 , < 5.9.0 (custom)
    Affected: 5.9.0 , < 5.9.0.148 (custom)
    Affected: 5.10.0 , < 5.10.0.280 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking AM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.313 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking IAM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.333 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:50:04.702382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:50:13.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.0.153",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.267",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.351",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.269",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.169",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.8.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.8.0.101",
                  "status": "affected",
                  "version": "5.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.9.0.138",
                  "status": "affected",
                  "version": "5.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.284",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.321",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.9.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.9.0.148",
                  "status": "affected",
                  "version": "5.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.280",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking AM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.313",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.333",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.\n\nExploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker\u0027s knowledge of a local user\u0027s username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator."
                }
              ],
              "value": "The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.\n\nExploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker\u0027s knowledge of a local user\u0027s username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-26",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-26 CAPEC-26: Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-298",
                  "description": "CWE-298: Improper Handling of Identity During Provisioning",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T20:38:49.590Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3179",
            "discovery": "INTERNAL"
          },
          "title": "Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-1248",
        "datePublished": "2026-07-04T20:38:49.590Z",
        "dateReserved": "2024-02-06T04:46:46.449Z",
        "dateUpdated": "2026-07-06T13:50:13.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13475 (GCVE-0-2025-13475)

    Vulnerability from nvd – Published: 2026-07-04 12:49 – Updated: 2026-07-06 13:55
    VLAI
    Title
    Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure
    Summary
    In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing. This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Access of Unprotected Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.382 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.457 (custom)
    Affected: 3.2.1 , < 3.2.1.76 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13475",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:55:17.820652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:55:26.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.382",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.457",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.76",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.\n\nThis vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy."
                }
              ],
              "value": "In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.\n\nThis vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-35",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-35 CAPEC-35: Accessing Unprotected Resources"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288: Access of Unprotected Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T12:49:06.782Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-1613",
            "discovery": "INTERNAL"
          },
          "title": "Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-13475",
        "datePublished": "2026-07-04T12:49:06.782Z",
        "dateReserved": "2025-11-20T12:17:18.234Z",
        "dateUpdated": "2026-07-06T13:55:26.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2053 (GCVE-0-2026-2053)

    Vulnerability from nvd – Published: 2026-06-26 07:26 – Updated: 2026-06-26 16:10
    VLAI
    Title
    Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager
    Summary
    The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.1.0 (custom)
    Affected: 3.1.0 , < 3.1.0.360 (custom)
    Affected: 3.2.0 , < 3.2.0.465 (custom)
    Affected: 3.2.1 , < 3.2.1.84 (custom)
    Affected: 4.0.0 , < 4.0.0.385 (custom)
    Affected: 4.2.0 , < 4.2.0.189 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T16:09:25.936561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T16:10:15.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.1.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.360",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.465",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.84",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.385",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.189",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The WSO2 API Manager\u0027s message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.\n\nSuccessful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks."
                }
              ],
              "value": "The WSO2 API Manager\u0027s message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.\n\nSuccessful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-595",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-595 Server-Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T07:26:15.311Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2026-5072",
            "discovery": "INTERNAL"
          },
          "title": "Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2026-2053",
        "datePublished": "2026-06-26T07:26:15.311Z",
        "dateReserved": "2026-02-06T06:12:48.334Z",
        "dateUpdated": "2026-06-26T16:10:15.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9973 (GCVE-0-2025-9973)

    Vulnerability from nvd – Published: 2026-05-11 10:12 – Updated: 2026-05-11 15:18
    VLAI
    Title
    Authorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account Takeover
    Summary
    Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations. A malicious actor with privileges to configure adaptive authentication within one organization can leverage this functionality to execute authentication logic on other organizations and sub-organizations. This flaw allows bypassing authorization boundaries between organizations, leading to unauthorized access to critical operations and user accounts in other organizations. When adaptive authentication is enabled in a multi-organization deployment, a malicious actor with privileges to configure adaptive authentication in one organization could exploit this feature to perform critical operations in other organizations without authorization. This may result in privilege escalation, unauthorized access to resources, and potential account takeover across organizations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Affected: 7.1.0 , < 7.1.0.26 (custom)
    Create a notification for this product.
    WSO2 Conditional Authentication User and Roles Related Functions Affected: 1.2.76 , < 1.2.76.1 (custom)
    Unaffected: 1.2.82 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:18:34.283042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T15:18:59.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "7.1.0.26",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.conditional.auth.functions:org.wso2.carbon.identity.conditional.auth.functions.user",
              "product": "Conditional Authentication User and Roles Related Functions",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.2.76.1",
                  "status": "affected",
                  "version": "1.2.76",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.2.82",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.26",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:conditional_authentication_user_and_roles_related_functions:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.76.1",
                      "versionStartIncluding": "1.2.76",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:conditional_authentication_user_and_roles_related_functions:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.2.82",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations. A malicious actor with privileges to configure adaptive authentication within one organization can leverage this functionality to execute authentication logic on other organizations and sub-organizations.\n\nThis flaw allows bypassing authorization boundaries between organizations, leading to unauthorized access to critical operations and user accounts in other organizations. When adaptive authentication is enabled in a multi-organization deployment, a malicious actor with privileges to configure adaptive authentication in one organization could exploit this feature to perform critical operations in other organizations without authorization. This may result in privilege escalation, unauthorized access to resources, and potential account takeover across organizations."
                }
              ],
              "value": "Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations. A malicious actor with privileges to configure adaptive authentication within one organization can leverage this functionality to execute authentication logic on other organizations and sub-organizations.\n\nThis flaw allows bypassing authorization boundaries between organizations, leading to unauthorized access to critical operations and user accounts in other organizations. When adaptive authentication is enabled in a multi-organization deployment, a malicious actor with privileges to configure adaptive authentication in one organization could exploit this feature to perform critical operations in other organizations without authorization. This may result in privilege escalation, unauthorized access to resources, and potential account takeover across organizations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-601",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-601 CAPEC-601: Access Control"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T10:12:39.547Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4530",
            "discovery": "INTERNAL"
          },
          "title": "Authorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account Takeover",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-9973",
        "datePublished": "2026-05-11T10:12:39.547Z",
        "dateReserved": "2025-09-04T08:21:53.892Z",
        "dateUpdated": "2026-05-11T15:18:59.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10470 (GCVE-0-2025-10470)

    Vulnerability from nvd – Published: 2026-05-11 10:16 – Updated: 2026-05-11 12:38
    VLAI
    Title
    Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability
    Summary
    The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Affected: 7.0.0 , < 7.0.0.121 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon MagicLink Authenticator Module Affected: 1.1.22 , < 1.1.22.3 (custom)
    Unaffected: 1.1.31 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:38:30.354857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:38:39.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "7.0.0.121",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.local.auth.magiclink:org.wso2.carbon.identity.application.authenticator.magiclink",
              "product": "WSO2 Carbon MagicLink Authenticator Module",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.1.22.3",
                  "status": "affected",
                  "version": "1.1.22",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.1.31",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.121",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.22.3",
                      "versionStartIncluding": "1.1.22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.1.31",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.\n\nThis vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger."
                }
              ],
              "value": "The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.\n\nThis vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132 CAPEC-132: Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T10:16:52.358Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4469",
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-10470",
        "datePublished": "2026-05-11T10:16:52.358Z",
        "dateReserved": "2025-09-15T08:51:01.163Z",
        "dateUpdated": "2026-05-11T12:38:39.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8325 (GCVE-0-2025-8325)

    Vulnerability from nvd – Published: 2026-05-11 09:37 – Updated: 2026-05-11 12:41
    VLAI
    Title
    Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations
    Summary
    The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions. A malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Assigning Permissions Instead of Checking Them
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.18 (custom)
    Create a notification for this product.
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.17 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.17 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.435 (custom)
    Affected: 3.2.1 , < 3.2.1.55 (custom)
    Affected: 4.0.0 , < 4.0.0.355 (custom)
    Affected: 4.1.0 , < 4.1.0.219 (custom)
    Affected: 4.2.0 , < 4.2.0.157 (custom)
    Affected: 4.3.0 , < 4.3.0.70 (custom)
    Affected: 4.4.0 , < 4.4.0.33 (custom)
    Affected: 4.5.0 , < 4.5.0.17 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Management Implementation Affected: 6.7.206 , < 6.7.206.563 (custom)
    Affected: 6.7.210 , < 6.7.210.55 (custom)
    Affected: 9.0.174 , < 9.0.174.513 (custom)
    Affected: 9.20.74 , < 9.20.74.375 (custom)
    Affected: 9.28.116 , < 9.28.116.352 (custom)
    Affected: 9.29.120 , < 9.29.120.177 (custom)
    Affected: 9.30.67 , < 9.30.67.100 (custom)
    Affected: 9.31.86 , < 9.31.86.58 (custom)
    Unaffected: 9.32.75 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Manager Rest API Utility Affected: 6.7.206 , < 6.7.206.563 (custom)
    Affected: 6.7.210 , < 6.7.210.55 (custom)
    Affected: 9.0.174 , < 9.0.174.513 (custom)
    Affected: 9.20.74 , < 9.20.74.375 (custom)
    Affected: 9.28.116 , < 9.28.116.352 (custom)
    Affected: 9.29.120 , < 9.29.120.177 (custom)
    Affected: 9.30.67 , < 9.30.67.100 (custom)
    Affected: 9.31.86 , < 9.31.86.58 (custom)
    Unaffected: 9.32.75 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:41:13.926378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:41:26.715Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.18",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.17",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.17",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.435",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.55",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.355",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.219",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.157",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.70",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.33",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.17",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl",
              "product": "WSO2 Carbon API Management Implementation",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.7.206.563",
                  "status": "affected",
                  "version": "6.7.206",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.210.55",
                  "status": "affected",
                  "version": "6.7.210",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.174.513",
                  "status": "affected",
                  "version": "9.0.174",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.20.74.375",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.352",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.177",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.100",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.58",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.75",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.util",
              "product": "WSO2 Carbon API Manager Rest API Utility",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.7.206.563",
                  "status": "affected",
                  "version": "6.7.206",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.210.55",
                  "status": "affected",
                  "version": "6.7.210",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.174.513",
                  "status": "affected",
                  "version": "9.0.174",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.20.74.375",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.352",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.177",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.100",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.58",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.75",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.18",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.17",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.17",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.435",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.55",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.355",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.219",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.157",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.70",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.33",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.17",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.206.563",
                      "versionStartIncluding": "6.7.206",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.210.55",
                      "versionStartIncluding": "6.7.210",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.174.513",
                      "versionStartIncluding": "9.0.174",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.375",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.352",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.177",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.100",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.58",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.75",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.206.563",
                      "versionStartIncluding": "6.7.206",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.210.55",
                      "versionStartIncluding": "6.7.210",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.174.513",
                      "versionStartIncluding": "9.0.174",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.375",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.352",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.177",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.100",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.58",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.75",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the \u0027Internal/Everyone\u0027 role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions.\n\nA malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments."
                }
              ],
              "value": "The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the \u0027Internal/Everyone\u0027 role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions.\n\nA malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-558",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-558 CAPEC-558: Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281: Assigning Permissions Instead of Checking Them",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T09:37:16.152Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4401",
            "discovery": "INTERNAL"
          },
          "title": "Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-8325",
        "datePublished": "2026-05-11T09:37:16.152Z",
        "dateReserved": "2025-07-30T06:56:38.447Z",
        "dateUpdated": "2026-05-11T12:41:26.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8154 (GCVE-0-2025-8154)

    Vulnerability from nvd – Published: 2026-05-11 09:30 – Updated: 2026-05-11 12:43
    VLAI
    Title
    HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation
    Summary
    In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 4.1.0 (custom)
    Affected: 4.1.0 , < 4.1.0.218 (custom)
    Affected: 4.2.0 , < 4.2.0.164 (custom)
    Affected: 4.3.0 , < 4.3.0.74 (custom)
    Affected: 4.4.0 , < 4.4.0.38 (custom)
    Affected: 4.5.0 , < 4.5.0.20 (custom)
    Create a notification for this product.
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.19 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.19 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.21 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Gateway Affected: 9.20.74 , < 9.20.74.374 (custom)
    Affected: 9.28.116 , < 9.28.116.363 (custom)
    Affected: 9.29.120 , < 9.29.120.181 (custom)
    Affected: 9.30.67 , < 9.30.67.104 (custom)
    Affected: 9.31.86 , < 9.31.86.64 (custom)
    Unaffected: 9.32.2 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Management Implementation Affected: 9.20.74 , < 9.20.74.374 (custom)
    Affected: 9.28.116 , < 9.28.116.363 (custom)
    Affected: 9.29.120 , < 9.29.120.181 (custom)
    Affected: 9.30.67 , < 9.30.67.104 (custom)
    Affected: 9.31.86 , < 9.31.86.64 (custom)
    Unaffected: 9.32.2 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:43:38.026738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:43:47.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.1.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.218",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.164",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.74",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.38",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.20",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.19",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.19",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.21",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.gateway",
              "product": "WSO2 Carbon API Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "9.20.74.374",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.363",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.181",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.104",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.64",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl",
              "product": "WSO2 Carbon API Management Implementation",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "9.20.74.374",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.363",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.181",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.104",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.64",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.218",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.164",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.74",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.38",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.20",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.19",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.19",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.21",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.374",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.363",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.181",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.104",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.64",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.2",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.374",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.363",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.181",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.104",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.64",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.2",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses.\n\nBy exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities."
                }
              ],
              "value": "In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses.\n\nBy exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-118",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-118 CAPEC-118: HTTP Response Splitting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T09:43:39.282Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4410",
            "discovery": "INTERNAL"
          },
          "title": "HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-8154",
        "datePublished": "2026-05-11T09:30:36.027Z",
        "dateReserved": "2025-07-25T06:42:23.104Z",
        "dateUpdated": "2026-05-11T12:43:47.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10908 (GCVE-0-2025-10908)

    Vulnerability from nvd – Published: 2026-05-11 09:01 – Updated: 2026-05-11 18:38
    VLAI
    Title
    Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access
    Summary
    Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 6.0.0 (custom)
    Affected: 6.0.0 , < 6.0.0.249 (custom)
    Affected: 6.1.0 , < 6.1.0.248 (custom)
    Affected: 7.0.0 , < 7.0.0.124 (custom)
    Affected: 7.1.0 , < 7.1.0.31 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon MagicLink Authenticator Module Affected: 1.1.0 , < 1.1.0.1 (custom)
    Affected: 1.1.5 , < 1.1.5.2 (custom)
    Affected: 1.1.22 , < 1.1.22.5 (custom)
    Affected: 1.1.31 , < 1.1.31.2 (custom)
    Unaffected: 1.1.43 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10908",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T18:37:41.307369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T18:38:02.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.249",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.248",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.124",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.31",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.local.auth.magiclink:org.wso2.carbon.identity.application.authenticator.magiclink",
              "product": "WSO2 Carbon MagicLink Authenticator Module",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.1.0.1",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.5.2",
                  "status": "affected",
                  "version": "1.1.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.22.5",
                  "status": "affected",
                  "version": "1.1.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.31.2",
                  "status": "affected",
                  "version": "1.1.31",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.1.43",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.249",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.0.248",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.124",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.31",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.0.1",
                      "versionStartIncluding": "1.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.5.2",
                      "versionStartIncluding": "1.1.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.22.5",
                      "versionStartIncluding": "1.1.22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.31.2",
                      "versionStartIncluding": "1.1.31",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.1.43",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked.\n\nThis vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts."
                }
              ],
              "value": "Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked.\n\nThis vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-538",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-538 CAPEC-538: Bypass Authentication"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T09:01:43.938Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4388",
            "discovery": "INTERNAL"
          },
          "title": "Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-10908",
        "datePublished": "2026-05-11T09:01:43.938Z",
        "dateReserved": "2025-09-24T09:32:17.201Z",
        "dateUpdated": "2026-05-11T18:38:02.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0391 (GCVE-0-2024-0391)

    Vulnerability from nvd – Published: 2026-05-11 08:45 – Updated: 2026-05-11 12:46
    VLAI
    Title
    Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery
    Summary
    The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization's reputation and leading to regulatory non-compliance and financial consequences.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable response discrepancy
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.379 (custom)
    Affected: 5.11.0 , < 5.11.0.426 (custom)
    Affected: 5.11.0 , < 5.11.0.431 (custom)
    Affected: 6.0.0 , < 6.0.0.253 (custom)
    Affected: 6.1.0 , < 6.1.0.254 (custom)
    Affected: 7.0.0 , < 7.0.0.131 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking IAM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.318 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server as Key Manager Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.267 (custom)
    Create a notification for this product.
    WSO2 Email OTP Authenticator Affected: 1.0.18 , < 1.0.18.7 (custom)
    Unaffected: 1.0.24 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon Authenticator Library For EmailOTP Affected: 4.1.0 , < 4.1.0.8 (custom)
    Affected: 4.1.4 , < 4.1.4.9 (custom)
    Unaffected: 4.1.22 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon Authenticator Library For EmailOTP Affected: 3.0.5 , < 3.0.5.8 (custom)
    Affected: 3.0.24 , < 3.0.24.6 (custom)
    Affected: 3.0.26 , < 3.0.26.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:45:51.278289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:46:03.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.379",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.426",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.431",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.253",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.254",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.131",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.318",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.267",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.local.auth.emailotp:org.wso2.carbon.identity.local.auth.emailotp",
              "product": "Email OTP Authenticator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.0.18.7",
                  "status": "affected",
                  "version": "1.0.18",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.0.24",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.extension.identity.authenticator.outbound.emailotp:org.wso2.carbon.identity.authenticator.emailotp",
              "product": "WSO2 Carbon Authenticator Library For EmailOTP",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.1.0.8",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.4.9",
                  "status": "affected",
                  "version": "4.1.4",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "4.1.22",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.extension.identity.authenticator.outbound.emailotp:org.wso2.carbon.extension.identity.authenticator.emailotp.connector",
              "product": "WSO2 Carbon Authenticator Library For EmailOTP",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.0.5.8",
                  "status": "affected",
                  "version": "3.0.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.24.6",
                  "status": "affected",
                  "version": "3.0.24",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.26.16",
                  "status": "affected",
                  "version": "3.0.26",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.379",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.11.0.426",
                      "versionStartIncluding": "5.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.11.0.431",
                      "versionStartIncluding": "5.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.253",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.0.254",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.131",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.318",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.267",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:email_otp_authenticator:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.0.18.7",
                      "versionStartIncluding": "1.0.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:email_otp_authenticator:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.0.24",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.8",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.4.9",
                      "versionStartIncluding": "4.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "4.1.22",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.5.8",
                      "versionStartIncluding": "3.0.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.24.6",
                      "versionStartIncluding": "3.0.24",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.26.16",
                      "versionStartIncluding": "3.0.26",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.\n\nThe discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization\u0027s reputation and leading to regulatory non-compliance and financial consequences."
                }
              ],
              "value": "The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.\n\nThe discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization\u0027s reputation and leading to regulatory non-compliance and financial consequences."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-249",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-249 CAPEC-249: Inferential Information Gathering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable response discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T08:45:33.754Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3115",
            "discovery": "INTERNAL"
          },
          "title": "Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-0391",
        "datePublished": "2026-05-11T08:45:33.754Z",
        "dateReserved": "2024-01-10T09:02:14.122Z",
        "dateUpdated": "2026-05-11T12:46:03.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10503 (GCVE-0-2025-10503)

    Vulnerability from nvd – Published: 2026-04-29 08:08 – Updated: 2026-04-29 12:28
    VLAI
    Title
    Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server
    Summary
    The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this vulnerability to redirect the user's browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Affected: 7.1.0 , < 7.1.0.28 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10503",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T12:28:07.158383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T12:28:52.278Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "7.1.0.28",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.28",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting.\n\nAn attacker can leverage this vulnerability to redirect the user\u0027s browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible."
                }
              ],
              "value": "The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting.\n\nAn attacker can leverage this vulnerability to redirect the user\u0027s browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-20",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-20 CAPEC-20: Cross-site Scripting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T08:08:37.335Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4577",
            "discovery": "INTERNAL"
          },
          "title": "Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-10503",
        "datePublished": "2026-04-29T08:08:37.335Z",
        "dateReserved": "2025-09-16T04:58:57.289Z",
        "dateUpdated": "2026-04-29T12:28:52.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12624 (GCVE-0-2025-12624)

    Vulnerability from nvd – Published: 2026-04-16 10:25 – Updated: 2026-04-16 12:30
    VLAI
    Title
    Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock
    Summary
    Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.2.0 (custom)
    Affected: 5.2.0 , < 5.2.0.35 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12624",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:19:51.834842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:30:14.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.0.35",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.0.35",
                      "versionStartIncluding": "5.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire."
                }
              ],
              "value": "Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-149",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-149 CAPEC-149: Session Token Handling"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T10:25:19.789Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4684",
            "discovery": "INTERNAL"
          },
          "title": "Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-12624",
        "datePublished": "2026-04-16T10:25:19.789Z",
        "dateReserved": "2025-11-03T06:20:27.950Z",
        "dateUpdated": "2026-04-16T12:30:14.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6024 (GCVE-0-2025-6024)

    Vulnerability from nvd – Published: 2026-04-16 09:48 – Updated: 2026-04-16 12:30
    VLAI
    Title
    Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites
    Summary
    The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.1.0 (custom)
    Affected: 3.1.0 , < 3.1.0.351 (custom)
    Affected: 3.2.0 , < 3.2.0.455 (custom)
    Affected: 3.2.1 , < 3.2.1.74 (custom)
    Affected: 4.0.0 , < 4.0.0.375 (custom)
    Affected: 4.1.0 , < 4.1.0.238 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.360 (custom)
    Affected: 5.11.0 , < 5.11.0.405 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6024",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:19:54.071212Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:30:22.824Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.1.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.351",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.455",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.74",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.375",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.238",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.360",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.405",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user\u0027s browser being redirected to a malicious website, manipulation of the web page\u0027s user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies."
                }
              ],
              "value": "The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection.\nAn attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user\u0027s browser being redirected to a malicious website, manipulation of the web page\u0027s user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-104",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-104 CAPEC-104: Cross-Site Scripting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T09:48:45.244Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4251/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4251",
            "discovery": "INTERNAL"
          },
          "title": "Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-6024",
        "datePublished": "2026-04-16T09:48:45.244Z",
        "dateReserved": "2025-06-12T09:23:00.709Z",
        "dateUpdated": "2026-04-16T12:30:22.824Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8010 (GCVE-0-2024-8010)

    Vulnerability from nvd – Published: 2026-04-16 09:39 – Updated: 2026-04-16 12:30
    VLAI
    Title
    XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files
    Summary
    The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.397 (custom)
    Affected: 3.2.1 , < 3.2.1.27 (custom)
    Affected: 4.0.0 , < 4.0.0.310 (custom)
    Affected: 4.0.0 , < 4.0.0.319 (custom)
    Affected: 4.1.0 , < 4.1.0.171 (custom)
    Affected: 4.2.0 , < 4.2.0.127 (custom)
    Affected: 4.3.0 , < 4.3.0.39 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:19:58.639337Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:30:36.466Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.397",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.27",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.310",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.319",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.171",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.127",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.39",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.397",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.27",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.310",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.319",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.171",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.127",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.39",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references.\n\nBy leveraging this vulnerability, a malicious actor can read confidential files from the product\u0027s file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product."
                }
              ],
              "value": "The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references.\n\nBy leveraging this vulnerability, a malicious actor can read confidential files from the product\u0027s file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-120",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-120 CAPEC-120: XML External Entity (XXE) Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T09:39:20.130Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3581",
            "discovery": "INTERNAL"
          },
          "title": "XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-8010",
        "datePublished": "2026-04-16T09:39:20.130Z",
        "dateReserved": "2024-08-20T12:45:54.123Z",
        "dateUpdated": "2026-04-16T12:30:36.466Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-4867 (GCVE-0-2024-4867)

    Vulnerability from nvd – Published: 2026-04-16 09:32 – Updated: 2026-04-16 12:30
    VLAI
    Title
    Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval
    Summary
    The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user's browser. By leveraging this cross-site scripting vulnerability, a malicious actor can cause the browser to redirect to a malicious website, make changes to the UI of the web page, or retrieve information from the browser. However, session hijacking is not possible as all session-related sensitive cookies are protected by the httpOnly flag.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.408 (custom)
    Affected: 3.2.1 , < 3.2.1.32 (custom)
    Affected: 4.0.0 , < 4.0.0.293 (custom)
    Affected: 4.1.0 , < 4.1.0.187 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-4867",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:20:00.908233Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:30:42.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.408",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.32",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.293",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.187",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user\u0027s browser.\n\nBy leveraging this cross-site scripting vulnerability, a malicious actor can cause the browser to redirect to a malicious website, make changes to the UI of the web page, or retrieve information from the browser. However, session hijacking is not possible as all session-related sensitive cookies are protected by the httpOnly flag."
                }
              ],
              "value": "The WSO2 API Manager developer portal accepts user-supplied input without enforcing expected validation constraints or proper output encoding. This deficiency allows a malicious actor to inject script content that is executed within the context of a user\u0027s browser.\n\nBy leveraging this cross-site scripting vulnerability, a malicious actor can cause the browser to redirect to a malicious website, make changes to the UI of the web page, or retrieve information from the browser. However, session hijacking is not possible as all session-related sensitive cookies are protected by the httpOnly flag."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-232",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-232 CAPEC-232: Cross-site Scripting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T09:32:40.941Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3391/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3391",
            "discovery": "INTERNAL"
          },
          "title": "Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-4867",
        "datePublished": "2026-04-16T09:32:40.941Z",
        "dateReserved": "2024-05-14T12:13:06.529Z",
        "dateUpdated": "2026-04-16T12:30:42.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10242 (GCVE-0-2024-10242)

    Vulnerability from nvd – Published: 2026-04-16 09:45 – Updated: 2026-04-16 12:30
    VLAI
    Title
    Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection
    Summary
    The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an attacker to redirect the user's browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.401 (custom)
    Affected: 4.0.0 , < 4.0.0.318 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:19:56.439304Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:30:30.619Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.401",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.318",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim\u0027s browser.\n\nSuccessful exploitation can enable an attacker to redirect the user\u0027s browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking."
                }
              ],
              "value": "The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim\u0027s browser.\n\nSuccessful exploitation can enable an attacker to redirect the user\u0027s browser to a malicious website, modify the UI of the web page, or retrieve information from the browser. However, the impact is limited as session-related sensitive cookies are protected by the httpOnly flag, preventing session hijacking."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-82",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-82 CAPEC-82: Cross-site Scripting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T09:45:46.115Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3741/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3741",
            "discovery": "INTERNAL"
          },
          "title": "Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-10242",
        "datePublished": "2026-04-16T09:45:46.115Z",
        "dateReserved": "2024-10-22T10:00:06.524Z",
        "dateUpdated": "2026-04-16T12:30:30.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4249 (GCVE-0-2026-4249)

    Vulnerability from cvelistv5 – Published: 2026-07-06 10:16 – Updated: 2026-07-06 11:03
    VLAI
    Title
    Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption
    Summary
    The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition. Successful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-707 - Use of Out-of-Scope Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.54 (custom)
    Affected: 4.6.0 , < 4.6.0.18 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.53 (custom)
    Affected: 4.6.0 , < 4.6.0.18 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.55 (custom)
    Affected: 4.6.0 , < 4.6.0.19 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.470 (custom)
    Affected: 3.2.1 , < 3.2.1.89 (custom)
    Affected: 4.0.0 , < 4.0.0.390 (custom)
    Affected: 4.1.0 , < 4.1.0.254 (custom)
    Affected: 4.2.0 , < 4.2.0.194 (custom)
    Affected: 4.3.0 , < 4.3.0.105 (custom)
    Affected: 4.4.0 , < 4.4.0.69 (custom)
    Affected: 4.5.0 , < 4.5.0.54 (custom)
    Affected: 4.6.0 , < 4.6.0.18 (custom)
    Affected: 4.7.0 , < 4.7.0.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T11:03:16.637529Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T11:03:48.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.54",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.18",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.53",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.18",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.55",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.19",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.470",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.89",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.390",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.254",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.194",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.105",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.69",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.54",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.18",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.2",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.54",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.18",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.53",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.18",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.55",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.19",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.470",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.89",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.390",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.254",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.194",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.105",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.69",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.54",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.18",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.0.2",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition.\n\nSuccessful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations."
                }
              ],
              "value": "The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition.\n\nSuccessful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-10",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-10 CAPEC-10: Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-707",
                  "description": "CWE-707: Use of Out-of-Scope Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T10:16:56.055Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5236/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2026-5236",
            "discovery": "INTERNAL"
          },
          "title": "Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2026-4249",
        "datePublished": "2026-07-06T10:16:56.055Z",
        "dateReserved": "2026-03-16T05:47:35.673Z",
        "dateUpdated": "2026-07-06T11:03:48.847Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8591 (GCVE-0-2025-8591)

    Vulnerability from cvelistv5 – Published: 2026-07-06 10:16 – Updated: 2026-07-06 11:05
    VLAI
    Title
    Reflected Cross-Site Scripting via URL Parameter in Multiple WSO2 Products Enables UI Modification
    Summary
    The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user's browser. This condition allows an attacker to inject malicious script content into pages served by the application. By leveraging this weakness, an attacker can cause the user's browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.381 (custom)
    Affected: 5.10.0 , < 5.10.0.384 (custom)
    Affected: 6.0.0 , < 6.0.0.255 (custom)
    Affected: 7.0.0 , < 7.0.0.131 (custom)
    Affected: 7.1.0 , < 7.1.0.21 (custom)
    Affected: 7.1.0 , < 7.1.0.51 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.1.0 (custom)
    Affected: 3.1.0 , < 3.1.0.355 (custom)
    Affected: 3.2.0 , < 3.2.0.459 (custom)
    Affected: 3.2.1 , < 3.2.1.78 (custom)
    Affected: 4.0.0 , < 4.0.0.380 (custom)
    Affected: 4.1.0 , < 4.1.0.243 (custom)
    Affected: 4.2.0 , < 4.2.0.183 (custom)
    Affected: 4.3.0 , < 4.3.0.94 (custom)
    Affected: 4.4.0 , < 4.4.0.58 (custom)
    Affected: 4.5.0 , < 4.5.0.43 (custom)
    Affected: 4.6.0 , < 4.6.0.7 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.44 (custom)
    Affected: 4.6.0 , < 4.6.0.8 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.42 (custom)
    Affected: 4.6.0 , < 4.6.0.7 (custom)
    Create a notification for this product.
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.42 (custom)
    Affected: 4.6.0 , < 4.6.0.7 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking AM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.404 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server as Key Manager Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.375 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking IAM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.424 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8591",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T11:04:42.314721Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T11:05:59.157Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.381",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.384",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.255",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.131",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.21",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.51",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.1.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.355",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.459",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.78",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.380",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.243",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.183",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.94",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.58",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.43",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.44",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.8",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.42",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.42",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.7",
                  "status": "affected",
                  "version": "4.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking AM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.404",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.375",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.424",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.381",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.384",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.255",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.131",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.21",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.51",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.1.0.355",
                      "versionStartIncluding": "3.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.459",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.78",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.380",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.243",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.183",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.94",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.58",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.43",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.7",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.44",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.8",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.42",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.7",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.42",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.6.0.7",
                      "versionStartIncluding": "4.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.404",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.375",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.424",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user\u0027s browser. This condition allows an attacker to inject malicious script content into pages served by the application.\n\nBy leveraging this weakness, an attacker can cause the user\u0027s browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking."
                }
              ],
              "value": "The software accepts user-supplied input via a URL parameter without adequate output encoding before reflecting it back to the user\u0027s browser. This condition allows an attacker to inject malicious script content into pages served by the application.\n\nBy leveraging this weakness, an attacker can cause the user\u0027s browser to redirect to a malicious website, modify the UI of the webpage, or retrieve information from the browser. However, the impact is mitigated by the use of httpOnly flags on session-related cookies, preventing session hijacking."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 CAPEC-242: Cross-Site Scripting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T10:16:53.685Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4343/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4343",
            "discovery": "INTERNAL"
          },
          "title": "Reflected Cross-Site Scripting via URL Parameter in Multiple WSO2 Products Enables UI Modification",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-8591",
        "datePublished": "2026-07-06T10:16:53.685Z",
        "dateReserved": "2025-08-05T11:53:15.931Z",
        "dateUpdated": "2026-07-06T11:05:59.157Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1248 (GCVE-0-2024-1248)

    Vulnerability from cvelistv5 – Published: 2026-07-04 20:38 – Updated: 2026-07-06 13:50
    VLAI
    Title
    Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation
    Summary
    The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user. Exploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker's knowledge of a local user's username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-298 - Improper Handling of Identity During Provisioning
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.0.0 (custom)
    Affected: 3.0.0 , < 3.0.0.153 (custom)
    Affected: 3.1.0 , < 3.1.0.267 (custom)
    Affected: 3.2.0 , < 3.2.0.351 (custom)
    Affected: 4.0.0 , < 4.0.0.269 (custom)
    Affected: 4.1.0 , < 4.1.0.169 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.8.0 (custom)
    Affected: 5.8.0 , < 5.8.0.101 (custom)
    Affected: 5.9.0 , < 5.9.0.138 (custom)
    Affected: 5.10.0 , < 5.10.0.284 (custom)
    Affected: 5.11.0 , < 5.11.0.321 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server as Key Manager Unknown: 0 , < 5.9.0 (custom)
    Affected: 5.9.0 , < 5.9.0.148 (custom)
    Affected: 5.10.0 , < 5.10.0.280 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking AM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.313 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking IAM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.333 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:50:04.702382Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:50:13.770Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.0.153",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.267",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.351",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.269",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.169",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.8.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.8.0.101",
                  "status": "affected",
                  "version": "5.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.9.0.138",
                  "status": "affected",
                  "version": "5.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.284",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.321",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.9.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.9.0.148",
                  "status": "affected",
                  "version": "5.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.280",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking AM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.313",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.333",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.\n\nExploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker\u0027s knowledge of a local user\u0027s username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator."
                }
              ],
              "value": "The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users with roles assigned to the federated user.\n\nExploitation requires a federated identity provider (IDP) with silent JIT provisioning enabled and an attacker\u0027s knowledge of a local user\u0027s username. When these conditions are met, a malicious individual can leverage the JIT provisioning process to modify the roles of local users. The overwritten roles are limited to those defined within the federated IDP, typically granting minimal access rights unless explicitly configured otherwise by the federated IDP administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-26",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-26 CAPEC-26: Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-298",
                  "description": "CWE-298: Improper Handling of Identity During Provisioning",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T20:38:49.590Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3179/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3179",
            "discovery": "INTERNAL"
          },
          "title": "Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-1248",
        "datePublished": "2026-07-04T20:38:49.590Z",
        "dateReserved": "2024-02-06T04:46:46.449Z",
        "dateUpdated": "2026-07-06T13:50:13.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13475 (GCVE-0-2025-13475)

    Vulnerability from cvelistv5 – Published: 2026-07-04 12:49 – Updated: 2026-07-06 13:55
    VLAI
    Title
    Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure
    Summary
    In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing. This vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Access of Unprotected Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.382 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.457 (custom)
    Affected: 3.2.1 , < 3.2.1.76 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13475",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:55:17.820652Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:55:26.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.382",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.457",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.76",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.\n\nThis vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy."
                }
              ],
              "value": "In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, leading to unintended cross-tenant consent sharing.\n\nThis vulnerability may result in the exposure of user data across tenants, enabling SaaS applications in different tenants to access and modify information without explicit user authorization. This can lead to unauthorized data access and privacy violations. This vulnerability has no impact if the deployment does not support multi-tenancy."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-35",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-35 CAPEC-35: Accessing Unprotected Resources"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288: Access of Unprotected Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T12:49:06.782Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-1613/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-1613",
            "discovery": "INTERNAL"
          },
          "title": "Cross-Tenant Access via Application Consent Mismanagement in Multiple WSO2 Products Allows Unauthorized Data Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-13475",
        "datePublished": "2026-07-04T12:49:06.782Z",
        "dateReserved": "2025-11-20T12:17:18.234Z",
        "dateUpdated": "2026-07-06T13:55:26.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2053 (GCVE-0-2026-2053)

    Vulnerability from cvelistv5 – Published: 2026-06-26 07:26 – Updated: 2026-06-26 16:10
    VLAI
    Title
    Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager
    Summary
    The WSO2 API Manager's message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests. Successful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 3.1.0 (custom)
    Affected: 3.1.0 , < 3.1.0.360 (custom)
    Affected: 3.2.0 , < 3.2.0.465 (custom)
    Affected: 3.2.1 , < 3.2.1.84 (custom)
    Affected: 4.0.0 , < 4.0.0.385 (custom)
    Affected: 4.2.0 , < 4.2.0.189 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-26T16:09:25.936561Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-26T16:10:15.803Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.1.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.360",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.465",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.84",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.385",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.189",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The WSO2 API Manager\u0027s message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.\n\nSuccessful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks."
                }
              ],
              "value": "The WSO2 API Manager\u0027s message flow component, when processing WS-Addressing headers, does not sufficiently validate or restrict user-controlled input within these headers. This omission allows an attacker to manipulate WS-Addressing headers to specify arbitrary destinations for server-initiated requests.\n\nSuccessful exploitation allows an unauthenticated attacker to control the destination of server-initiated requests originating from the WSO2 API Manager. This direct control can enable unauthorized access to internal network resources or services that would typically be inaccessible from external networks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-595",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-595 Server-Side Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-26T07:26:15.311Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2026-5072/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2026-5072",
            "discovery": "INTERNAL"
          },
          "title": "Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2026-2053",
        "datePublished": "2026-06-26T07:26:15.311Z",
        "dateReserved": "2026-02-06T06:12:48.334Z",
        "dateUpdated": "2026-06-26T16:10:15.803Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10470 (GCVE-0-2025-10470)

    Vulnerability from cvelistv5 – Published: 2026-05-11 10:16 – Updated: 2026-05-11 12:38
    VLAI
    Title
    Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability
    Summary
    The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Affected: 7.0.0 , < 7.0.0.121 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon MagicLink Authenticator Module Affected: 1.1.22 , < 1.1.22.3 (custom)
    Unaffected: 1.1.31 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:38:30.354857Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:38:39.383Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "7.0.0.121",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.local.auth.magiclink:org.wso2.carbon.identity.application.authenticator.magiclink",
              "product": "WSO2 Carbon MagicLink Authenticator Module",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.1.22.3",
                  "status": "affected",
                  "version": "1.1.22",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.1.31",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.121",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.22.3",
                      "versionStartIncluding": "1.1.22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.1.31",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.\n\nThis vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger."
                }
              ],
              "value": "The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.\n\nThis vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-132",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-132 CAPEC-132: Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T10:16:52.358Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4469",
            "discovery": "INTERNAL"
          },
          "title": "Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-10470",
        "datePublished": "2026-05-11T10:16:52.358Z",
        "dateReserved": "2025-09-15T08:51:01.163Z",
        "dateUpdated": "2026-05-11T12:38:39.383Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-9973 (GCVE-0-2025-9973)

    Vulnerability from cvelistv5 – Published: 2026-05-11 10:12 – Updated: 2026-05-11 15:18
    VLAI
    Title
    Authorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account Takeover
    Summary
    Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations. A malicious actor with privileges to configure adaptive authentication within one organization can leverage this functionality to execute authentication logic on other organizations and sub-organizations. This flaw allows bypassing authorization boundaries between organizations, leading to unauthorized access to critical operations and user accounts in other organizations. When adaptive authentication is enabled in a multi-organization deployment, a malicious actor with privileges to configure adaptive authentication in one organization could exploit this feature to perform critical operations in other organizations without authorization. This may result in privilege escalation, unauthorized access to resources, and potential account takeover across organizations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Affected: 7.1.0 , < 7.1.0.26 (custom)
    Create a notification for this product.
    WSO2 Conditional Authentication User and Roles Related Functions Affected: 1.2.76 , < 1.2.76.1 (custom)
    Unaffected: 1.2.82 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9973",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T15:18:34.283042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T15:18:59.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "7.1.0.26",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.conditional.auth.functions:org.wso2.carbon.identity.conditional.auth.functions.user",
              "product": "Conditional Authentication User and Roles Related Functions",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.2.76.1",
                  "status": "affected",
                  "version": "1.2.76",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.2.82",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.26",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:conditional_authentication_user_and_roles_related_functions:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.76.1",
                      "versionStartIncluding": "1.2.76",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:conditional_authentication_user_and_roles_related_functions:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.2.82",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations. A malicious actor with privileges to configure adaptive authentication within one organization can leverage this functionality to execute authentication logic on other organizations and sub-organizations.\n\nThis flaw allows bypassing authorization boundaries between organizations, leading to unauthorized access to critical operations and user accounts in other organizations. When adaptive authentication is enabled in a multi-organization deployment, a malicious actor with privileges to configure adaptive authentication in one organization could exploit this feature to perform critical operations in other organizations without authorization. This may result in privilege escalation, unauthorized access to resources, and potential account takeover across organizations."
                }
              ],
              "value": "Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations. A malicious actor with privileges to configure adaptive authentication within one organization can leverage this functionality to execute authentication logic on other organizations and sub-organizations.\n\nThis flaw allows bypassing authorization boundaries between organizations, leading to unauthorized access to critical operations and user accounts in other organizations. When adaptive authentication is enabled in a multi-organization deployment, a malicious actor with privileges to configure adaptive authentication in one organization could exploit this feature to perform critical operations in other organizations without authorization. This may result in privilege escalation, unauthorized access to resources, and potential account takeover across organizations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-601",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-601 CAPEC-601: Access Control"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T10:12:39.547Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4530/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4530",
            "discovery": "INTERNAL"
          },
          "title": "Authorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account Takeover",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-9973",
        "datePublished": "2026-05-11T10:12:39.547Z",
        "dateReserved": "2025-09-04T08:21:53.892Z",
        "dateUpdated": "2026-05-11T15:18:59.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8325 (GCVE-0-2025-8325)

    Vulnerability from cvelistv5 – Published: 2026-05-11 09:37 – Updated: 2026-05-11 12:41
    VLAI
    Title
    Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations
    Summary
    The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions. A malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Assigning Permissions Instead of Checking Them
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.18 (custom)
    Create a notification for this product.
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.17 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.17 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 3.2.0 (custom)
    Affected: 3.2.0 , < 3.2.0.435 (custom)
    Affected: 3.2.1 , < 3.2.1.55 (custom)
    Affected: 4.0.0 , < 4.0.0.355 (custom)
    Affected: 4.1.0 , < 4.1.0.219 (custom)
    Affected: 4.2.0 , < 4.2.0.157 (custom)
    Affected: 4.3.0 , < 4.3.0.70 (custom)
    Affected: 4.4.0 , < 4.4.0.33 (custom)
    Affected: 4.5.0 , < 4.5.0.17 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Management Implementation Affected: 6.7.206 , < 6.7.206.563 (custom)
    Affected: 6.7.210 , < 6.7.210.55 (custom)
    Affected: 9.0.174 , < 9.0.174.513 (custom)
    Affected: 9.20.74 , < 9.20.74.375 (custom)
    Affected: 9.28.116 , < 9.28.116.352 (custom)
    Affected: 9.29.120 , < 9.29.120.177 (custom)
    Affected: 9.30.67 , < 9.30.67.100 (custom)
    Affected: 9.31.86 , < 9.31.86.58 (custom)
    Unaffected: 9.32.75 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Manager Rest API Utility Affected: 6.7.206 , < 6.7.206.563 (custom)
    Affected: 6.7.210 , < 6.7.210.55 (custom)
    Affected: 9.0.174 , < 9.0.174.513 (custom)
    Affected: 9.20.74 , < 9.20.74.375 (custom)
    Affected: 9.28.116 , < 9.28.116.352 (custom)
    Affected: 9.29.120 , < 9.29.120.177 (custom)
    Affected: 9.30.67 , < 9.30.67.100 (custom)
    Affected: 9.31.86 , < 9.31.86.58 (custom)
    Unaffected: 9.32.75 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8325",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:41:13.926378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:41:26.715Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.18",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.17",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.17",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.435",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.55",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.355",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.219",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.157",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.70",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.33",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.17",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl",
              "product": "WSO2 Carbon API Management Implementation",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.7.206.563",
                  "status": "affected",
                  "version": "6.7.206",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.210.55",
                  "status": "affected",
                  "version": "6.7.210",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.174.513",
                  "status": "affected",
                  "version": "9.0.174",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.20.74.375",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.352",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.177",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.100",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.58",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.75",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.rest.api.util",
              "product": "WSO2 Carbon API Manager Rest API Utility",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.7.206.563",
                  "status": "affected",
                  "version": "6.7.206",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.210.55",
                  "status": "affected",
                  "version": "6.7.210",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.0.174.513",
                  "status": "affected",
                  "version": "9.0.174",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.20.74.375",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.352",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.177",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.100",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.58",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.75",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.18",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.17",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.17",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.0.435",
                      "versionStartIncluding": "3.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.2.1.55",
                      "versionStartIncluding": "3.2.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.0.0.355",
                      "versionStartIncluding": "4.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.219",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.157",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.70",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.33",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.17",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.206.563",
                      "versionStartIncluding": "6.7.206",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.210.55",
                      "versionStartIncluding": "6.7.210",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.174.513",
                      "versionStartIncluding": "9.0.174",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.375",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.352",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.177",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.100",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.58",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.75",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.206.563",
                      "versionStartIncluding": "6.7.206",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.7.210.55",
                      "versionStartIncluding": "6.7.210",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.174.513",
                      "versionStartIncluding": "9.0.174",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.375",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.352",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.177",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.100",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.58",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_manager_rest_api_utility:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.75",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the \u0027Internal/Everyone\u0027 role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions.\n\nA malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments."
                }
              ],
              "value": "The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the \u0027Internal/Everyone\u0027 role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions.\n\nA malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-558",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-558 CAPEC-558: Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281: Assigning Permissions Instead of Checking Them",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T09:37:16.152Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4401/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4401",
            "discovery": "INTERNAL"
          },
          "title": "Improper Access Control via Gateway API in Multiple WSO2 Products Allows Unauthorized Operations",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-8325",
        "datePublished": "2026-05-11T09:37:16.152Z",
        "dateReserved": "2025-07-30T06:56:38.447Z",
        "dateUpdated": "2026-05-11T12:41:26.715Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8154 (GCVE-0-2025-8154)

    Vulnerability from cvelistv5 – Published: 2026-05-11 09:30 – Updated: 2026-05-11 12:43
    VLAI
    Title
    HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation
    Summary
    In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses. By exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 API Manager Unknown: 0 , < 4.1.0 (custom)
    Affected: 4.1.0 , < 4.1.0.218 (custom)
    Affected: 4.2.0 , < 4.2.0.164 (custom)
    Affected: 4.3.0 , < 4.3.0.74 (custom)
    Affected: 4.4.0 , < 4.4.0.38 (custom)
    Affected: 4.5.0 , < 4.5.0.20 (custom)
    Create a notification for this product.
    WSO2 WSO2 Universal Gateway Affected: 4.5.0 , < 4.5.0.19 (custom)
    Create a notification for this product.
    WSO2 WSO2 Traffic Manager Affected: 4.5.0 , < 4.5.0.19 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Control Plane Affected: 4.5.0 , < 4.5.0.21 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Gateway Affected: 9.20.74 , < 9.20.74.374 (custom)
    Affected: 9.28.116 , < 9.28.116.363 (custom)
    Affected: 9.29.120 , < 9.29.120.181 (custom)
    Affected: 9.30.67 , < 9.30.67.104 (custom)
    Affected: 9.31.86 , < 9.31.86.64 (custom)
    Unaffected: 9.32.2 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon API Management Implementation Affected: 9.20.74 , < 9.20.74.374 (custom)
    Affected: 9.28.116 , < 9.28.116.363 (custom)
    Affected: 9.29.120 , < 9.29.120.181 (custom)
    Affected: 9.30.67 , < 9.30.67.104 (custom)
    Affected: 9.31.86 , < 9.31.86.64 (custom)
    Unaffected: 9.32.2 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8154",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:43:38.026738Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:43:47.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.1.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.218",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.164",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.74",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.38",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.20",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Universal Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.19",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Traffic Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.19",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Control Plane",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.5.0.21",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.gateway",
              "product": "WSO2 Carbon API Gateway",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "9.20.74.374",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.363",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.181",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.104",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.64",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.impl",
              "product": "WSO2 Carbon API Management Implementation",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "9.20.74.374",
                  "status": "affected",
                  "version": "9.20.74",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.28.116.363",
                  "status": "affected",
                  "version": "9.28.116",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.29.120.181",
                  "status": "affected",
                  "version": "9.29.120",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.30.67.104",
                  "status": "affected",
                  "version": "9.30.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "9.31.86.64",
                  "status": "affected",
                  "version": "9.31.86",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "9.32.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.218",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.2.0.164",
                      "versionStartIncluding": "4.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.3.0.74",
                      "versionStartIncluding": "4.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.4.0.38",
                      "versionStartIncluding": "4.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.20",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_universal_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.19",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_traffic_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.19",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_api_control_plane:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.5.0.21",
                      "versionStartIncluding": "4.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.374",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.363",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.181",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.104",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.64",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_gateway:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.2",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.20.74.374",
                      "versionStartIncluding": "9.20.74",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.28.116.363",
                      "versionStartIncluding": "9.28.116",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.29.120.181",
                      "versionStartIncluding": "9.29.120",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.30.67.104",
                      "versionStartIncluding": "9.30.67",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.31.86.64",
                      "versionStartIncluding": "9.31.86",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_api_management_implementation:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "9.32.2",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses.\n\nBy exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities."
                }
              ],
              "value": "In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses.\n\nBy exploiting this vulnerability, a malicious actor can inject or overwrite arbitrary HTTP response headers. This can lead to various adverse effects, including the manipulation of browser caching, alteration of security-related headers, and the injection of sensitive information such as cookie values, potentially enabling session hijacking or other malicious activities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-118",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-118 CAPEC-118: HTTP Response Splitting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T09:43:39.282Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4410/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4410",
            "discovery": "INTERNAL"
          },
          "title": "HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-8154",
        "datePublished": "2026-05-11T09:30:36.027Z",
        "dateReserved": "2025-07-25T06:42:23.104Z",
        "dateUpdated": "2026-05-11T12:43:47.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10908 (GCVE-0-2025-10908)

    Vulnerability from cvelistv5 – Published: 2026-05-11 09:01 – Updated: 2026-05-11 18:38
    VLAI
    Title
    Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access
    Summary
    Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 6.0.0 (custom)
    Affected: 6.0.0 , < 6.0.0.249 (custom)
    Affected: 6.1.0 , < 6.1.0.248 (custom)
    Affected: 7.0.0 , < 7.0.0.124 (custom)
    Affected: 7.1.0 , < 7.1.0.31 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon MagicLink Authenticator Module Affected: 1.1.0 , < 1.1.0.1 (custom)
    Affected: 1.1.5 , < 1.1.5.2 (custom)
    Affected: 1.1.22 , < 1.1.22.5 (custom)
    Affected: 1.1.31 , < 1.1.31.2 (custom)
    Unaffected: 1.1.43 , ≤ * (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10908",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T18:37:41.307369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T18:38:02.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.249",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.248",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.124",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.0.31",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.local.auth.magiclink:org.wso2.carbon.identity.application.authenticator.magiclink",
              "product": "WSO2 Carbon MagicLink Authenticator Module",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.1.0.1",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.5.2",
                  "status": "affected",
                  "version": "1.1.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.22.5",
                  "status": "affected",
                  "version": "1.1.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.1.31.2",
                  "status": "affected",
                  "version": "1.1.31",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.1.43",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.249",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.0.248",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.124",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.31",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.0.1",
                      "versionStartIncluding": "1.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.5.2",
                      "versionStartIncluding": "1.1.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.22.5",
                      "versionStartIncluding": "1.1.22",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.1.31.2",
                      "versionStartIncluding": "1.1.31",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_magiclink_authenticator_module:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.1.43",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked.\n\nThis vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts."
                }
              ],
              "value": "Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked.\n\nThis vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-538",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-538 CAPEC-538: Bypass Authentication"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T09:01:43.938Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4388/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4388",
            "discovery": "INTERNAL"
          },
          "title": "Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-10908",
        "datePublished": "2026-05-11T09:01:43.938Z",
        "dateReserved": "2025-09-24T09:32:17.201Z",
        "dateUpdated": "2026-05-11T18:38:02.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-0391 (GCVE-0-2024-0391)

    Vulnerability from cvelistv5 – Published: 2026-05-11 08:45 – Updated: 2026-05-11 12:46
    VLAI
    Title
    Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery
    Summary
    The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization's reputation and leading to regulatory non-compliance and financial consequences.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable response discrepancy
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.379 (custom)
    Affected: 5.11.0 , < 5.11.0.426 (custom)
    Affected: 5.11.0 , < 5.11.0.431 (custom)
    Affected: 6.0.0 , < 6.0.0.253 (custom)
    Affected: 6.1.0 , < 6.1.0.254 (custom)
    Affected: 7.0.0 , < 7.0.0.131 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking IAM Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.318 (custom)
    Create a notification for this product.
    WSO2 WSO2 Identity Server as Key Manager Unknown: 0 , < 5.10.0 (custom)
    Affected: 5.10.0 , < 5.10.0.267 (custom)
    Create a notification for this product.
    WSO2 Email OTP Authenticator Affected: 1.0.18 , < 1.0.18.7 (custom)
    Unaffected: 1.0.24 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon Authenticator Library For EmailOTP Affected: 4.1.0 , < 4.1.0.8 (custom)
    Affected: 4.1.4 , < 4.1.4.9 (custom)
    Unaffected: 4.1.22 , ≤ * (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon Authenticator Library For EmailOTP Affected: 3.0.5 , < 3.0.5.8 (custom)
    Affected: 3.0.24 , < 3.0.24.6 (custom)
    Affected: 3.0.26 , < 3.0.26.16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0391",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T12:45:51.278289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T12:46:03.691Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.379",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.426",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.11.0.431",
                  "status": "affected",
                  "version": "5.11.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.253",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.254",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.0.131",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking IAM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.318",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server as Key Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.10.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.10.0.267",
                  "status": "affected",
                  "version": "5.10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.identity.local.auth.emailotp:org.wso2.carbon.identity.local.auth.emailotp",
              "product": "Email OTP Authenticator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.0.18.7",
                  "status": "affected",
                  "version": "1.0.18",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "1.0.24",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.extension.identity.authenticator.outbound.emailotp:org.wso2.carbon.identity.authenticator.emailotp",
              "product": "WSO2 Carbon Authenticator Library For EmailOTP",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.1.0.8",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.4.9",
                  "status": "affected",
                  "version": "4.1.4",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "4.1.22",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.extension.identity.authenticator.outbound.emailotp:org.wso2.carbon.extension.identity.authenticator.emailotp.connector",
              "product": "WSO2 Carbon Authenticator Library For EmailOTP",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "3.0.5.8",
                  "status": "affected",
                  "version": "3.0.5",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.24.6",
                  "status": "affected",
                  "version": "3.0.24",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.26.16",
                  "status": "affected",
                  "version": "3.0.26",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.379",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.11.0.426",
                      "versionStartIncluding": "5.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.11.0.431",
                      "versionStartIncluding": "5.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.0.253",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.1.0.254",
                      "versionStartIncluding": "6.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.0.131",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.0.318",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.10.0.267",
                      "versionStartIncluding": "5.10.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:email_otp_authenticator:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.0.18.7",
                      "versionStartIncluding": "1.0.18",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:email_otp_authenticator:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "1.0.24",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.0.8",
                      "versionStartIncluding": "4.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.1.4.9",
                      "versionStartIncluding": "4.1.4",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "4.1.22",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.5.8",
                      "versionStartIncluding": "3.0.5",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.24.6",
                      "versionStartIncluding": "3.0.24",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_carbon_authenticator_library_for_emailotp:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.26.16",
                      "versionStartIncluding": "3.0.26",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.\n\nThe discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization\u0027s reputation and leading to regulatory non-compliance and financial consequences."
                }
              ],
              "value": "The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.\n\nThe discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization\u0027s reputation and leading to regulatory non-compliance and financial consequences."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-249",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-249 CAPEC-249: Inferential Information Gathering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Observable response discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T08:45:33.754Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3115",
            "discovery": "INTERNAL"
          },
          "title": "Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-0391",
        "datePublished": "2026-05-11T08:45:33.754Z",
        "dateReserved": "2024-01-10T09:02:14.122Z",
        "dateUpdated": "2026-05-11T12:46:03.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-10503 (GCVE-0-2025-10503)

    Vulnerability from cvelistv5 – Published: 2026-04-29 08:08 – Updated: 2026-04-29 12:28
    VLAI
    Title
    Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server
    Summary
    The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this vulnerability to redirect the user's browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Affected: 7.1.0 , < 7.1.0.28 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10503",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-29T12:28:07.158383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-29T12:28:52.278Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "7.1.0.28",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.1.0.28",
                      "versionStartIncluding": "7.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting.\n\nAn attacker can leverage this vulnerability to redirect the user\u0027s browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible."
                }
              ],
              "value": "The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting.\n\nAn attacker can leverage this vulnerability to redirect the user\u0027s browser to a malicious website, modify the user interface of the web page, retrieve information from the browser, or cause other harmful actions. However, due to the protection of session-related cookies with the httpOnly flag, session hijacking is not possible."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-20",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-20 CAPEC-20: Cross-site Scripting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T08:08:37.335Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4577/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4577",
            "discovery": "INTERNAL"
          },
          "title": "Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-10503",
        "datePublished": "2026-04-29T08:08:37.335Z",
        "dateReserved": "2025-09-16T04:58:57.289Z",
        "dateUpdated": "2026-04-29T12:28:52.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12624 (GCVE-0-2025-12624)

    Vulnerability from cvelistv5 – Published: 2026-04-16 10:25 – Updated: 2026-04-16 12:30
    VLAI
    Title
    Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock
    Summary
    Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-613 - Insufficient Session Expiration
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Identity Server Unknown: 0 , < 5.2.0 (custom)
    Affected: 5.2.0 , < 5.2.0.35 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12624",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T12:19:51.834842Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-16T12:30:14.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Identity Server",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "5.2.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.2.0.35",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "5.2.0.35",
                      "versionStartIncluding": "5.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire."
                }
              ],
              "value": "Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts.\n\nThe security consequence is that a locked user account can maintain access to protected resources through the use of existing, unexpired access tokens. This creates a security gap where access control policies are bypassed, potentially leading to unauthorized data access or actions until the tokens naturally expire."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-149",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-149 CAPEC-149: Session Token Handling"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "CWE-613: Insufficient Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T10:25:19.789Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4684/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2025-4684",
            "discovery": "INTERNAL"
          },
          "title": "Improper Token Invalidation in WSO2 Identity Server Allows Access After Account Lock",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2025-12624",
        "datePublished": "2026-04-16T10:25:19.789Z",
        "dateReserved": "2025-11-03T06:20:27.950Z",
        "dateUpdated": "2026-04-16T12:30:14.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }