CVE-2026-11956

CVE Database · CVE-2026-11956

CVE-2026-11956

· LOWDeferred

CVSS v3.1

3.7

CVSS v4.0

6.3

EPSS

0.28%

Published

Jun 11, 2026

Modified

Jun 11, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned".

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-614CWE-1004

References (8)

https://github.com/TwiN/gatus/

https://github.com/TwiN/gatus/issues/1689

https://vuldb.com/cve/CVE-2026-11956

https://vuldb.com/submit/836328

https://vuldb.com/vuln/370343

https://vuldb.com/vuln/370343/cti

https://github.com/TwiN/gatus/issues/1689

https://vuldb.com/submit/836328

KEV Catalog EPSS Scores Vendors All CVEs