Vulnerability in Bludit
CVE-2026-25101
Bludit allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behavior enables an attacker to fix a session ID for a victim and later hijack the authenticate…
EPSS: 0.000 (6.8th percentile)
Affected products
- Bludit — versions 0
Weakness classification (CWE)
References
- cert.pl/posts/2026/03/CVE-2026-25099 (third-party-advisory)
- github.com/bludit/bludit/releases/tag/3.17.2 (release-notes)