Auth bypass in OutSystems Lifetime
CVE-2026-40127
OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key in the ApplicationID parameter. Any authenticated user can read the Change Log containing actions performed by other users as well as applicat…
Vulnerability class: IDOR (Insecure Direct Object Reference)
EPSS: 0.000 (13.5th percentile)
Affected products
- OutSystems Lifetime — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)