Apache Syncope, a popular open-source identity and access management platform, has disclosed a critical XML External Entity (XXE) vulnerability in its Console component. The vulnerability, tracked as CVE-2026-23795, allows authenticated administrators to execute XXE attacks and extract sensitive data from affected systems. Security researchers Follycat and Y0n3er discovered the flaw, which affects multiple versions of […] The post Apache Syncope Vulnerability Allows Attackers to Hijack Active User Sessions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/apache-syncope-vulnerability/
