TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

Description

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label "not planned".

Basic Information

ID CVE-2026-11956

Source VulDB

Published Jun 11, 2026 at 11:30

Affected Product

Vendor TwiN

Product gatus

Version 5.36.0

Affected Versions TwiN gatus 5.36.0

CWE Classification

CWE-614 CWE-1004

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can lead to sensitive cookie without secure attribute. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is considered difficult. The reported GitHub issue was closed with the label \"not planned\".",
    "published": "2026-06-11T11:30:12.019Z",
    "modified": "2026-06-11T11:30:12.019Z",
    "type": "cve",
    "title": "TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/370343\nhttps://vuldb.com/vuln/370343/cti\nhttps://vuldb.com/cve/CVE-2026-11956\nhttps://vuldb.com/submit/836328\nhttps://github.com/TwiN/gatus/issues/1689\nhttps://github.com/TwiN/gatus/",
    "id": "CVE-2026-11956",
    "bulletinFamily": "",
    "cwe": [
        "CWE-614",
        "CWE-1004"
    ],
    "cvelist": null,
    "sourceData": "TwiN gatus 5.36.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "gatus",
    "version": "5.36.0",
    "vendor": "TwiN",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute_CVE-2026-11956