PYSEC-2026-360

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ipsilon/PYSEC-2026-360.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-360
Aliases
Published
2026-06-29T11:50:32.271750Z
Modified
2026-07-02T13:00:07.935493576Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
Session Fixation in ipsilon
Details

A vulnerability was found in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 that allows an attacker to log out active sessions of other users. The issue is related to how ipsilon tracks sessions, and it allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability."

References

Affected packages

PyPI / ipsilon

Package

Affected ranges

Type: ECOSYSTEM
Events
  • Introduced 1.0.0, Fixed 1.0.3
  • Introduced 1.1.0, Fixed 1.1.2
  • Introduced 2.0.0, Fixed 2.0.2
  • Introduced 1.2.0, Fixed 1.2.1

Affected versions

1.*
1.2.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ipsilon/PYSEC-2026-360.yaml"