What is CVE-2026-57948?

CVE-2026-57948 is a medium-severity vulnerability, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 6.8/10. Published 2026-06-29.

How severe is CVE-2026-57948?

Medium severity. CVSS v3 base score is 6.8 out of 10.

CVE-2026-57948

CVE-2026-57948

Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cook…

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N.

Weakness classification (CWE)

CWE-614 — Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-1004 — Sensitive Cookie Without 'HttpOnly' Flag

References

disclosure@vulncheck.com (issue-tracking)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-57948?: CVE-2026-57948 is a medium-severity vulnerability, classified under Sensitive Cookie in HTTPS Session Without 'Secure' Attribute. CVSS score: 6.8/10. Published 2026-06-29.
How severe is CVE-2026-57948?: Medium severity. CVSS v3 base score is 6.8 out of 10.