Wso2 Wso2 Carbon Magiclink Authenticator Module
2 CVEs affecting Wso2 Wso2 Carbon Magiclink Authenticator Module. Latest disclosed: 2026-05-11. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-10470 | High | 8.6 | 2026-05-11 | The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled… |
CVE-2025-10908 | High | 7.3 | 2026-05-11 | Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key metho… |