Auth bypass in Sesame Time
CVE-2026-15389
A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier (USID) as t…
Vulnerability class: IDOR (Insecure Direct Object Reference)
Affected products
- Sesame Time — versions 0