CVE-2025-10908 - Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access
CVE ID :CVE-2025-10908 Published : May 11, 2026, 10:16 a.m. | 49 minutes ago Description :Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security contr
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Ronin set to transition to Ethereum layer 2 from independent sidechain
- [CYBER] Python Infostealer Hides in GitHub Releases to Bypass Detection
- [CYBER] PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely
- [CYBER] Construction to Cyber PM
- [CYBER] Cyber Espionage Group Targets Aviation Firms to Steal Map Data
- [CYBER] Skoda Data Breach Hits Online Shop Customers