Skip to main content

Cas

1 CVEs product

Monthly

CVE-2026-59099 CRITICAL POC PATCH Act Now

Plaintext recovery of webflow conversation state in Apereo CAS (versions 7.3.0 up to but not including 8.0.0-RC6) lets remote unauthenticated attackers decrypt sensitive login-flow data by exploiting AES-GCM nonce reuse. Because the server encrypts client-side webflow execution tokens with a fixed all-zero initialization vector under a single long-lived key, an attacker can harvest multiple tokens from the public login page and apply known-plaintext/keystream-reuse analysis to break confidentiality (and, given GCM's nonce-reuse properties, integrity of the token). Publicly available exploit code exists; the flaw was reported by VulnCheck and carries a CVSS 4.0 base of 9.3, though no CISA KEV listing or EPSS score is provided.

Information Disclosure Cas
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.4%
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Plaintext recovery of webflow conversation state in Apereo CAS (versions 7.3.0 up to but not including 8.0.0-RC6) lets remote unauthenticated attackers decrypt sensitive login-flow data by exploiting AES-GCM nonce reuse. Because the server encrypts client-side webflow execution tokens with a fixed all-zero initialization vector under a single long-lived key, an attacker can harvest multiple tokens from the public login page and apply known-plaintext/keystream-reuse analysis to break confidentiality (and, given GCM's nonce-reuse properties, integrity of the token). Publicly available exploit code exists; the flaw was reported by VulnCheck and carries a CVSS 4.0 base of 9.3, though no CISA KEV listing or EPSS score is provided.

Information Disclosure Cas
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy