CVE-2026-8670
CVE-2026-8670
9.6
CriticalPublished:
Last updated:
Source:vulnerability@ncsc.ch
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.
References
vulnerability@ncsc.ch
https://support.avantra.com/hc/en-us/articles/5533929912351