CVE-2026-59713
HIGH
8.1
CVSS 3.1
Description
Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attacker.
Metadata
Severity & Metrics
8.1
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Leantime | Leantime | — | 0 ≤ 3.4.4 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-352 | cna | Cross-Site Request Forgery (CSRF) |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 8.6 | HIGH | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
| 8.1 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
References (4)
- Pull Issue https://github.com/Leantime/leantime/issues/3535
- Product https://github.com/Leantime/leantime
- Patch Commit https://github.com/Leantime/leantime/commit/9630eb7db682fb1b4e23cdabf3428d03ec6f5094
- https://www.vulncheck.com/advisories/leantime-oidc-login-csrf-via-unconditional-state-verification-stub