CVE-2026-11956

MEDIUM EPSS 9.0%

Published Jun 11, 20262w ago · Modified Jun 17, 20261w ago

6.3 CVSS 4.0

Medium

Published Jun 11, 2026 2w ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned".

CVSS Details

Base Score

6.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

9.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-1004

CWE-614

References 6

github.com https://github.com/TwiN/gatus/
github.com https://github.com/TwiN/gatus/issues/1689
vuldb.com https://vuldb.com/cve/CVE-2026-11956
vuldb.com https://vuldb.com/submit/836328
vuldb.com https://vuldb.com/vuln/370343
vuldb.com https://vuldb.com/vuln/370343/cti

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.