Skip to main content

Digiwin EasyFlow .NET EUVDEUVD-2026-38223

| CVE-2026-12581 HIGH
Session Fixation (CWE-384)
2026-06-22 twcert GHSA-456x-9xrh-6x87
7.7
CVSS 4.0 · Vendor: twcert
Share

Severity by source

Vendor (twcert) PRIMARY
7.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.8 MEDIUM

Network-reachable with no attacker auth (PR:N) but requires victim to use planted session and then log in, justifying AC:H and UI:R; full takeover yields C:H/I:H, no direct availability impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (twcert).

CVSS VectorVendor: twcert

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 22, 2026 - 10:16 vuln.today

DescriptionCVE.org

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in.

AnalysisAI

Session fixation in Digiwin EasyFlow .NET allows unauthenticated remote attackers to pre-set a victim's session identifier and hijack the authenticated session once the victim logs in, inheriting the victim's privileges. No public exploit identified at time of analysis, but the CVSS 4.0 score of 7.7 and HIGH impact across confidentiality, integrity, and availability mark this as a meaningful risk for organizations using the workflow platform. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify EasyFlow .NET target instance
Delivery
Obtain or generate valid pre-auth session ID
Exploit
Deliver session ID to victim via phishing
Execution
Victim logs in using planted session
Persist
Attacker replays same session cookie
Impact
Access workflows with victim's privileges

Vulnerability AssessmentAI

Exploitation The attacker must be able to plant a chosen session identifier on the victim's browser (typically via phishing link with a session ID parameter, cross-site scripting in a related origin, or a man-on-the-side network position) AND the victim must subsequently log in to EasyFlow .NET while still holding that planted session ID. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H) indicates network-reachable, low-complexity exploitation requiring no privileges but with attack requirements (AT:P) and user interaction (UI:P) - the attacker must induce the victim to use the planted session ID and then log in. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker visits the EasyFlow .NET login page, captures or generates a valid pre-authentication session identifier, then delivers that session ID to a target user via a crafted phishing link (e.g., a URL parameter or pre-set cookie via cross-site scripting in a sibling app). Once the victim authenticates within that session, the attacker - still holding the same session ID - replays it and inherits the victim's authenticated privileges within EasyFlow workflows. …
Remediation No vendor-released patch identified at time of analysis in the provided data; organizations should contact Digiwin directly and consult the TWCERT advisories at https://www.twcert.org.tw/en/cp-139-10981-8617d-2.html and https://www.twcert.org.tw/tw/cp-132-10980-0e640-1.html for the latest fixed build. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running Digiwin EasyFlow .NET; review application and web server logs for session anomalies or suspicious login patterns. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2017-12965 CRITICAL POC
9.8 Aug 23

Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions via the PHPSESSID pa

CVE-2025-28242 CRITICAL POC
9.8 Apr 18

Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session

CVE-2022-40916 CRITICAL POC
9.8 Feb 06

Tiny File Manager v2.4.7 and below is vulnerable to session fixation. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2025-45949 CRITICAL POC
9.8 Apr 28

A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /login

CVE-2023-48929 CRITICAL POC
9.8 Dec 08

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. Rated criti

CVE-2023-41012 CRITICAL POC
9.8 Sep 05

An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to exe

CVE-2023-31498 CRITICAL POC
9.8 May 11

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to ex

CVE-2022-3269 CRITICAL POC
9.8 Sep 23

Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. Rated critical severity (CVSS 9.8), this vulnerab

CVE-2021-39290 CRITICAL POC
9.8 Aug 23

Certain NetModule devices allow Limited Session Fixation via PHPSESSID. Rated critical severity (CVSS 9.8), this vulnera

CVE-2020-11729 CRITICAL POC
9.8 Apr 15

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. Rated critical severity (CVSS 9.8), this v

CVE-2019-18418 CRITICAL POC
9.8 Oct 24

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests be

CVE-2018-18925 CRITICAL POC
9.8 Nov 04

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." s

Share

EUVD-2026-38223 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy