Which versions of Session Fixation are affected by EUVD-2026-16581?

Organizations using Bludit should be aware of moderate risk from CVE-2026-25101 rated CVSS 4.8. Exploitation could compromise the security of affected deployments.. A patch is available.

Session Fixation EUVD-2026-16581

Q: What is the CVSS score of EUVD-2026-16581?

EUVD-2026-16581 has a CVSS 4.0 base score of 4.8 (Medium). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-25101 MEDIUM

Session Fixation (CWE-384)

2026-03-27 CERT-PL

GHSA-fjj5-fj78-h28j

Information Disclosure Session Fixation

4.8

CVSS 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

3.17.2

EUVD ID Assigned

Mar 27, 2026 - 12:15 euvd

EUVD-2026-16581

Analysis Generated

Mar 27, 2026 - 12:15 vuln.today

CVE Published

Mar 27, 2026 - 11:55 nvd

MEDIUM 4.8

DescriptionNVD

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticated session.

This issue was fixed in version 3.17.2.

AnalysisAI

Bludit versions prior to 3.17.2 allow attackers to fix a victim's session identifier before authentication, with the session ID persisting unchanged after successful login, enabling authenticated session hijacking via session fixation. The vulnerability affects all Bludit instances below version 3.17.2 and requires local access and user interaction to exploit. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-16581 vulnerability details – vuln.today

Back

Session Fixation EUVD-2026-16581

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Session Fixation EUVD-2026-16581

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code