CVE-2026-8670
CRITICALsyslink software Avantra - Insecure Session Handling on Metrics Web Server
Title source: ruleDescription
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://support.avantra.com/hc/en-us/articles/5533929912351
Scores
CVSS v3
9.6
EPSS
0.0029
EPSS Percentile
20.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-613
Status
published
Products (2)
avantra/avantra
< 25.3.1
syslink software AG/Avantra
< 25.3.1
Published
May 22, 2026
Tracked Since
May 22, 2026