CVE-2026-12581

Summary

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in.

Affected Software

VendorProductVersion RangeStatus
DigiwinEasyFlow .NET0 <= 8.1.4affected

Weaknesses

  • CWE-384: CWE-384 Session fixation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References