TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute
CVE-2026-11956

6.3MEDIUM

Key Information:

Vendor: Twin
Status: Gatus
Vendor: CVE Published:; 11 June 2026

What is CVE-2026-11956?

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned".

Affected Version(s)

gatus 5.36.0

References

https://vuldb.com/vuln/370343

vdb-entrytechnical-description

https://vuldb.com/vuln/370343/cti

signaturepermissions-required

https://vuldb.com/cve/CVE-2026-11956

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2026
Vulnerability Reserved
Jun 11, 2026

Credit

geochen (VulDB User)

VulDB CNA Team

CVE-2026-11956 Data

JSON

Twin

What is CVE-2026-11956?

Affected Version(s)

References

CVSS V4

Timeline

Credit