OIDC Login CSRF Vulnerability in Leantime by Leantime
CVE-2026-59713
8.6HIGH
What is CVE-2026-59713?
Leantime has a vulnerability in the OIDC login mechanism, specifically in the verifyState() method. This issue allows an attacker to craft malicious callback URLs that exploit the application's failure to validate state parameters, leading to potential session fixation attacks. By manipulating the authorization process, attackers can log victims into a session under their control, which poses a significant threat to user security. It is essential for users to update to the patched version as outlined in the references to mitigate this risk.
Affected Version(s)
Leantime 0 <= 3.4.4
