Session Replay Vulnerability in Avantra Software by Syslink on Linux and Windows
CVE-2026-8670

9.6 CRITICAL

Key Information:

Status
Vendor
CVE Published: 22 May 2026

What is CVE-2026-8670?

A significant vulnerability exists in Avantra software by Syslink: session IDs can be reused because session expiration is insufficient. An attacker can replay such a session ID, potentially gaining unauthorized access to user accounts and sensitive information. Users operating versions of Avantra prior to 25.3.1 should prioritize updating their systems to mitigate this risk.

Affected Version(s)

Avantra Linux 0 < 25.3.1

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vicxer Inc.