{“lastseen”:””,”description”:”OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can\u00a0read the Change Log containing actions performed by other users as well as application name of any application.\\n\\nThis issue was fixed in OutSystems Lifetime version\u00a011.28.2.3955″,”published”:”2026-05-25T10:18:05.904Z”,”modified”:”2026-05-25T10:18:05.904Z”,”type”:”cve”,”title”:”Authorization Bypass Through User-Controlled Key in OutSystems Lifetime”,”source”:”CERT-PL”,”references”:”https:\/\/cert.pl\/en\/posts\/2026\/05\/CVE-2026-40126\/\\nhttps:\/\/www.outsystems.com\/downloads\/ScreenDetails?ReleaseId=22953\\u0026MajorVersion=11\\u0026ComponentName=LifeTime”,”id”:”CVE-2026-40127″,”bulletinFamily”:””,”cwe”:[“CWE-639″],”cvelist”:null,”sourceData”:”OutSystems Lifetime 0″,”sourceHref”:””,”cvss”:{“score”:5.3,”severity”:”MEDIUM”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:N\/VA:N\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Lifetime”,”version”:”0″,”vendor”:”OutSystems”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can\u00a0read the Change Log containing actions performed by…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-56719","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n