NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-33384

Summary	QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version 6.8 published on 15.05.2026, deployments without this patch are still vulnerable.
Publication Date	May 30, 2026, 1:16 a.m.
Registration Date	May 30, 2026, 4:15 a.m.
Last Update	May 30, 2026, 1:29 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.pl/posts/2026/05/CVE-2026-33384/	cvd@cert.pl
2	https://opensolution.org/home.html	cvd@cert.pl

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-384	セッションの固定化	https://cwe.mitre.org/data/definitions/384.html