CVE-2023-26261

Published: 2023-03-08T15:15Z

Last Modified: 2025-03-05T19:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt