CVE-2026-11956
LowCVSS 3.7Summary
A vulnerability was identified in version 5.36.0 of the TwiN gatus component, concerning the setSessionCookie function in the security/oidc.go file. Manipulating this function can lead to sensitive cookies without the secure attribute.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a risk of sensitive data exposure. Despite the high complexity of the attack, its exploitability is considered difficult.
Recommendation
It is recommended to monitor and update the TwiN gatus component to the latest version to minimize the risk associated with this vulnerability.
Original NVD description (English source)
A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned".

