A vulnerability was found in Duende IdentityServer 4. It has been rated as critical. It affects an unknown function of the file /connect/authorize in the Token Renewal Endpoint component. Manipulating the argument id_token_hint causes improper authentication.

This vulnerability is identified as CVE-2026-4349. The attack can be initiated remotely. There is no exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.