CVE-2026-13512 | Databend up to 1.2.881 on HTTP Tenant client_session_manager.rs state_key authorization (Issue 19930)

Inserito da Angelo Barbosa | Giu 28, 2026 | CVE

A vulnerability was found in Databend up to 1.2.881 on HTTP. It has been classified as problematic. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the component Tenant Handler. The manipulation leads to authorization bypass.

This vulnerability is traded as CVE-2026-13512. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The pull request to fix this issue awaits acceptance.

CVE-2026-13512 | Databend up to 1.2.881 on HTTP Tenant client_session_manager.rs state_key authorization (Issue 19930)

Post correlati

CVE-2025-25064 | Zimbra Collaboration Suite up to 10.0.11/10.1.3 ZimbraSyncService SOAP Endpoint sql injection

CVE-2024-50127 | Linux Kernel up to 5.15.169/6.1.114/6.6.58/6.11.5 taprio_change use after free

CVE-2024-10185 | StreamWeasels YouTube Integration Plugin up to 1.3.2 on WordPress Shortcode sw-youtube-embed cross site scripting

CVE-2024-7703 | reputeinfosystems ARMember Plugin up to 4.0.37 on WordPress SVG File cross site scripting