CVE-2026-8670

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

critical 9.6 CVSS 3.1
Published: May 22, 2026
Modified: Jun 2, 2026
Vendor: Avantra
Product: Avantra

Description

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay).

This issue affects Avantra: before 25.3.1.

References

Related CVEs

CVE-2026-8673 medium · 5.9
Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0.
CVE-2026-8671 high · 7.5
Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 2
CVE-2026-8672 medium · 5.1
Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.