CVE Catalog

CVE-2026-59099

Severity: Critical (CVSS 9.1)
Published: (date not given) · Source: NVD (NIST), translated

Exploitation Probability (EPSS)

EPSS score: 0.36% (low risk)
28th percentile: higher than 28% of all known CVEs

Summary

Apereo CAS versions from 7.3.0 up to, but not including, 8.0.0-RC6 contain a cryptographic weakness: the webflow conversation state is encrypted with AES-GCM using a fixed all-zero initialization vector (IV) and the same encryption key for the entire server lifetime. Because the same key and IV always produce the same keystream, a remote unauthenticated attacker who collects several client-side webflow execution tokens from the unauthenticated login page can apply known-plaintext analysis to recover the plaintext conversation state.

Risk Assessment

The risk is that an unauthenticated attacker can decrypt sensitive user session data held in the webflow conversation state, potentially leading to account takeover, privilege escalation, or theft of sensitive organizational data.

Recommendation

Immediately upgrade Apereo CAS to version 8.0.0-RC6 or later, which fixes this vulnerability by generating a unique initialization vector for every encryption operation.

Original NVD description (English source)

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS