Skip to main content

CWE-672

Operation on a Resource after Expiration or Release

43 CVEs Avg CVSS 6.5 MITRE
4
CRITICAL
17
HIGH
18
MEDIUM
4
LOW
6
POC
0
KEV

Monthly

CVE-2026-53637 PHP MEDIUM PATCH GHSA This Month

Order data corruption and permanent deletion in Sylius affects authenticated customers across versions prior to 2.0.18, 2.1.15, and 2.2.6 due to a stale-state race condition in the cart LiveComponent. When an order transitions to STATE_COMPLETED while a customer's cart page remains open in a browser tab, subsequent cart actions - clearing, removing items, or adjusting quantities - are applied to the completed order rather than a fresh cart, irreversibly deleting or mutating finalized order records. No public exploit code has been identified at time of analysis, but the attack is trivially reproducible by any authenticated customer without specialized tooling, as the attacker can deliberately engineer the race condition by completing checkout in one tab while exploiting the stale cart in another.

Information Disclosure PHP
NVD GitHub
CVSS 3.1
6.5
CVE-2026-58291 MEDIUM PATCH This Month

Information disclosure in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based attackers to expose sensitive browser data through a use-after-resource condition (CWE-672). Exploitation requires user interaction and high attack complexity, but the changed scope (S:C) indicates the flaw breaches browser isolation boundaries, yielding high confidentiality impact. No public exploit or active exploitation has been identified at time of analysis; vendor patch is available from Microsoft MSRC.

Information Disclosure Microsoft Google Microsoft Edge Chromium Based
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2026-56314 HIGH PATCH This Week

Logic flaw in Capgo before 12.128.12 lets authenticated attackers continue serving soft-deleted application bundles to end-user devices because the /updates endpoint omits an app_versions.deleted filter when joining channels. Affected operators of the Capgo live-update service (a CodePush-style OTA platform for Capacitor mobile apps) can have purged bundles re-selected and pushed downstream, undermining rollback and removal workflows. No public exploit identified at time of analysis and the issue is not present in CISA KEV.

Information Disclosure Capgo
NVD GitHub
CVSS 4.0
7.1
EPSS
0.3%
CVE-2026-2379 HIGH PATCH This Week

Information disclosure in Arista EOS on platforms with hardware IPsec support can occur when physical interface flaps or specific agent restarts cause IPsec tunnels to re-establish while reusing existing Security Associations, leading to sequence number mismatches between endpoints. The CVSS 4.0 base score of 8.2 reflects high confidentiality impact reachable over the network, though attack requirements (AT:P) indicate specific preconditions must be met. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Eos
NVD
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-33463 MEDIUM This Month

Expired access tokens in Kibana remain exploitable due to a logic error in expiration timestamp validation (CWE-672), allowing an unauthenticated actor who possesses an expired token to retrieve content it was originally scoped to access. The flaw affects all tracked Kibana versions per the NVD CPE wildcard, and Elastic has issued a security advisory (ESA-2026-33) with patch versions. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis. The CVSS 5.3 Medium score reflects constrained confidentiality impact with no integrity or availability consequence.

Information Disclosure Elastic
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-4053 Go LOW PATCH Monitor

Authenticated users in Mattermost 11.5.x through 11.5.1 and 10.11.x through 10.11.13 can modify post attachments, properties, and pin status beyond the configured edit time window. The vulnerability bypasses the PostEditTimeLimit control via patch and update API endpoints, allowing indefinite modification of non-message post metadata after the intended edit window expires. CVSS 3.1 (Low) reflects network vector with high complexity and low-privilege requirements, while no public exploit or CISA KEV listing exists at time of analysis.

Mattermost Information Disclosure
NVD VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-45005 npm MEDIUM PATCH This Month

OpenClaw before 2026.4.23 fails to invalidate cached webhook route secrets after rotation, allowing attackers with previously valid secrets to continue authenticating webhook requests and invoking task flows until gateway restart. The vulnerability affects SecretRef-backed webhook authentication where the resolved secret is cached at startup rather than re-resolved per request, weakening credential rotation effectiveness. Vendor-released patch available in version 2026.4.23.

Information Disclosure Openclaw
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2013-10075 CRITICAL Act Now

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Suse Red Hat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-43585 npm CRITICAL PATCH GHSA Act Now

Bearer token revocation bypass in OpenClaw gateway allows attackers to authenticate using rotated-out tokens until process restart. OpenClaw gateway HTTP and WebSocket handlers captured bearer authentication configuration at startup, failing to re-resolve credentials after SecretRef rotation. Attackers possessing a previously valid token can maintain unauthorized gateway access to /v1/* endpoints, /tools/invoke, plugin routes, and canvas upgrade paths even after operators rotate secrets, believing the old token is revoked. Fixed in version 2026.4.15. CVSS 9.2 reflects network-accessible attack with high complexity; no public exploit identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-1629 MEDIUM This Month

Mattermost 10.11.x through 10.11.10 fails to clear cached permalink preview data when a user's channel access is revoked, allowing authenticated users to view private channel content through previously cached previews until the cache expires or they re-login. An authenticated attacker who previously had access to a private channel can exploit this to maintain visibility into sensitive channel communications after access removal. A patch is not currently available for this medium-severity vulnerability.

Information Disclosure Mattermost
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVSS 6.5
MEDIUM PATCH This Month

Order data corruption and permanent deletion in Sylius affects authenticated customers across versions prior to 2.0.18, 2.1.15, and 2.2.6 due to a stale-state race condition in the cart LiveComponent. When an order transitions to STATE_COMPLETED while a customer's cart page remains open in a browser tab, subsequent cart actions - clearing, removing items, or adjusting quantities - are applied to the completed order rather than a fresh cart, irreversibly deleting or mutating finalized order records. No public exploit code has been identified at time of analysis, but the attack is trivially reproducible by any authenticated customer without specialized tooling, as the attacker can deliberately engineer the race condition by completing checkout in one tab while exploiting the stale cart in another.

Information Disclosure PHP
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Information disclosure in Microsoft Edge (Chromium-based) prior to version 150.0.4078.48 enables network-based attackers to expose sensitive browser data through a use-after-resource condition (CWE-672). Exploitation requires user interaction and high attack complexity, but the changed scope (S:C) indicates the flaw breaches browser isolation boundaries, yielding high confidentiality impact. No public exploit or active exploitation has been identified at time of analysis; vendor patch is available from Microsoft MSRC.

Information Disclosure Microsoft Google +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Logic flaw in Capgo before 12.128.12 lets authenticated attackers continue serving soft-deleted application bundles to end-user devices because the /updates endpoint omits an app_versions.deleted filter when joining channels. Affected operators of the Capgo live-update service (a CodePush-style OTA platform for Capacitor mobile apps) can have purged bundles re-selected and pushed downstream, undermining rollback and removal workflows. No public exploit identified at time of analysis and the issue is not present in CISA KEV.

Information Disclosure Capgo
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Information disclosure in Arista EOS on platforms with hardware IPsec support can occur when physical interface flaps or specific agent restarts cause IPsec tunnels to re-establish while reusing existing Security Associations, leading to sequence number mismatches between endpoints. The CVSS 4.0 base score of 8.2 reflects high confidentiality impact reachable over the network, though attack requirements (AT:P) indicate specific preconditions must be met. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Eos
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Expired access tokens in Kibana remain exploitable due to a logic error in expiration timestamp validation (CWE-672), allowing an unauthenticated actor who possesses an expired token to retrieve content it was originally scoped to access. The flaw affects all tracked Kibana versions per the NVD CPE wildcard, and Elastic has issued a security advisory (ESA-2026-33) with patch versions. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis. The CVSS 5.3 Medium score reflects constrained confidentiality impact with no integrity or availability consequence.

Information Disclosure Elastic
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Authenticated users in Mattermost 11.5.x through 11.5.1 and 10.11.x through 10.11.13 can modify post attachments, properties, and pin status beyond the configured edit time window. The vulnerability bypasses the PostEditTimeLimit control via patch and update API endpoints, allowing indefinite modification of non-message post metadata after the intended edit window expires. CVSS 3.1 (Low) reflects network vector with high complexity and low-privilege requirements, while no public exploit or CISA KEV listing exists at time of analysis.

Mattermost Information Disclosure
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

OpenClaw before 2026.4.23 fails to invalidate cached webhook route secrets after rotation, allowing attackers with previously valid secrets to continue authenticating webhook requests and invoking task flows until gateway restart. The vulnerability affects SecretRef-backed webhook authentication where the resolved secret is cached at startup rather than re-resolved per request, weakening credential rotation effectiveness. Vendor-released patch available in version 2026.4.23.

Information Disclosure Openclaw
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Apache::Session versions through 1.94 for Perl re-creates deleted sessions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Suse +1
NVD VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Bearer token revocation bypass in OpenClaw gateway allows attackers to authenticate using rotated-out tokens until process restart. OpenClaw gateway HTTP and WebSocket handlers captured bearer authentication configuration at startup, failing to re-resolve credentials after SecretRef rotation. Attackers possessing a previously valid token can maintain unauthorized gateway access to /v1/* endpoints, /tools/invoke, plugin routes, and canvas upgrade paths even after operators rotate secrets, believing the old token is revoked. Fixed in version 2026.4.15. CVSS 9.2 reflects network-accessible attack with high complexity; no public exploit identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Mattermost 10.11.x through 10.11.10 fails to clear cached permalink preview data when a user's channel access is revoked, allowing authenticated users to view private channel content through previously cached previews until the cache expires or they re-login. An authenticated attacker who previously had access to a private channel can exploit this to maintain visibility into sensitive channel communications after access removal. A patch is not currently available for this medium-severity vulnerability.

Information Disclosure Mattermost
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy