CVE-2026-40945 - Oxia: Bearer token exposed in debug log messages on authentication failure
CVE ID :CVE-2026-40945 Published : April 21, 2026, 10:16 p.m. | 44 minutes ago Description :Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production,
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit - The Block
- [CYBER] CVE-2026-1952 - Denial of service via the undocumented subfunction in AS320T
- [CYBER] CVE-2026-1951 - No checking of the length of the buffer with the directory name in AS320T
- [CYBER] CVE-2026-1950 - No checking of the length of the buffer with the file name in AS320T
- [CYBER] Python Vulnerability Enables Out-of-Bounds Write on Windows