Skip to main content

HyperCloud CVE-2026-1842

Insufficient Session Expiration (CWE-613)
2026-02-20 0a72a055-908d-47f5-a16a-1f09049c16c6

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:04 vuln.today
CVE Published
Feb 20, 2026 - 17:25 nvd
N/A

DescriptionCVE.org

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated client could use a refresh token in place of an access token to maintain long-term access without token rotation. Additionally, old access tokens remained valid after refresh, enabling concurrent or extended use beyond intended session boundaries. This vulnerability could allow prolonged unauthorized access if a token is disclosed.

AnalysisAI

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used.

Technical ContextAI

Classified as CWE-613 (Insufficient Session Expiration). Affects HyperCloud versions 2.3.5. HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated client could use a refresh token in place of an access token to maintain long-term access without token rotation. Additionally, old access tokens remained valid after refresh, enabling concurrent or ex

Affected ProductsAI

Product: HyperCloud versions 2.3.5. Versions: up to 2.6.8.

RemediationAI

Monitor vendor advisories for a patch.

Share

CVE-2026-1842 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy