CVE-2020-27739
CRITICALCitadel WebCit <= 926 - Unauthenticated Session Hijacking via Weak Session Management
Title source: llmDescription
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.citadel.org/
Exploit, Vendor Advisory x_refsource_misc
http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834
Scores
CVSS v3
9.8
EPSS
0.0181
EPSS Percentile
75.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-613
Status
published
Products (1)
citadel/webcit
< 926
Published
Oct 28, 2020
Tracked Since
Feb 18, 2026