Which versions of Session Fixation are affected by CVE-2026-2177?

A high-severity vulnerability in SourceCodester Prison Management System 1.0 affects the login component and poses immediate risk to user authentication and system access control.

Is there a public PoC exploit available for CVE-2026-2177?

Yes, a public proof-of-concept exploit is available for CVE-2026-2177. Prioritise patching immediately. EPSS: 0.0%.

Session Fixation CVE-2026-2177

Q: What is the CVSS score of CVE-2026-2177?

CVE-2026-2177 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

MEDIUM

Session Fixation (CWE-384)

2026-02-08 cna@vuldb.com

Information Disclosure Session Fixation

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

HIGH MEDIUM

CVSS changed

Apr 29, 2026 - 01:11 NVD

7.3 (HIGH) 5.5 (MEDIUM)

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 10, 2026 - 13:50 vuln.today

Public exploit code

CVE Published

Feb 08, 2026 - 19:16 nvd

HIGH 7.3

DescriptionNVD

A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

SourceCodester Prison Management System 1.0 contains a session fixation vulnerability in its login component that allows unauthenticated remote attackers to hijack user sessions. Public exploit code exists for this vulnerability, which enables attackers to impersonate legitimate users and gain unauthorized access to the system. …

RemediationAI

Within 24 hours: Inventory all systems running Prison Management System 1.0 and isolate them from production networks if possible; enable enhanced logging and monitoring on login attempts. Within 7 days: Implement network-based access controls (WAF/IPS rules) to block exploit patterns if identifiable; contact SourceCodester for patch timeline and workaround guidance; conduct security assessment of any login anomalies. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-2177 vulnerability details – vuln.today

Back

Session Fixation CVE-2026-2177

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Session Fixation CVE-2026-2177

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code