CVE-2026-35095

CVE-2026-35095

Published Jun 30, 2026·Updated Jun 30, 2026

Description

KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with a valid name is set, its value remains unchanged after successful login. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in the patch published in June 2026.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free