CVE-2026-25050 | vendurehq vendure up to 3.5.2 native-authentication-strategy.ts NativeAuthenticationStrategy.authenticate information exposure

A vulnerability, which was classified as problematic, was found in vendurehq vendure up to 3.5.2. This impacts the function NativeAuthenticationStrategy.authenticate of the file packages/core/src/config/auth/native-authentication-strategy.ts. The manipulation results in exposure of sensitive information through data queries.

This vulnerability is identified as CVE-2026-25050. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-25050 | vendurehq vendure up to 3.5.2 native-authentication-strategy.ts NativeAuthenticationStrategy.authenticate information exposure

Post correlati

CVE-2023-47124 | Traefik 2.10.5/3.0.0-beta4 HTTPChallenge Slowloris release of resource (GHSA-8g85-whqh-cr2f)

CVE-2024-1957 | GiveWP Plugin up to 3.6.1 on WordPress Shortcode cross site scripting

CVE-2025-7597 | Tenda AX1803 1.0.0.1 /goform/setMacFilterCfg formSetMacFilterCfg deviceList stack-based overflow

CVE-2025-7694 | Woffice Core Plugin up to 5.4.26 on WordPress woffice_file_manager_delete denial of service