Datalore
Monthly
JetBrains Datalore versions before 2026.1 contain a session hijacking vulnerability (CVE-2026-32745) caused by missing secure attribute configuration on session cookies, allowing attackers on the same network to intercept and reuse session tokens. The vulnerability affects all Datalore versions prior to 2026.1 and requires adjacent network access combined with user interaction; while the CVSS score is moderate (6.3), the impact is high for confidentiality and enables unauthorized account access.
JetBrains Datalore versions before 2026.1 contain a session hijacking vulnerability (CVE-2026-32745) caused by missing secure attribute configuration on session cookies, allowing attackers on the same network to intercept and reuse session tokens. The vulnerability affects all Datalore versions prior to 2026.1 and requires adjacent network access combined with user interaction; while the CVSS score is moderate (6.3), the impact is high for confidentiality and enables unauthorized account access.