Vulnerability in Syracom Ag Secure Login (2fa) For Bitbucket

CVE-2026-12225

syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker with valid credentials for a user account can bypass the two-factor authentication flow by sen…

Affected products

Syracom Ag Secure Login (2fa) For Bitbucket — versions 3.4.0.0
Syracom Ag Secure Login (2fa) For Confluence — versions 3.4.0.0
Syracom Ag Secure Login (2fa) For Jira — versions 3.4.0.0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

551230f0-3615-47bd-b7cc-93e92e730bbf (product)
551230f0-3615-47bd-b7cc-93e92e730bbf (vendor-advisory)
551230f0-3615-47bd-b7cc-93e92e730bbf (mitigation)
551230f0-3615-47bd-b7cc-93e92e730bbf (third-party-advisory)