NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-40127

Summary	OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in OutSystems Lifetime version 11.28.2.3955
Publication Date	May 25, 2026, 8:16 p.m.
Registration Date	May 27, 2026, 4:07 a.m.
Last Update	May 25, 2026, 8:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://cert.pl/en/posts/2026/05/CVE-2026-40126/	cvd@cert.pl
2	https://www.outsystems.com/downloads/ScreenDetails?ReleaseId=22953&MajorVersion=11&ComponentName=LifeTime	cvd@cert.pl

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-639	ユーザ制御の鍵による認証回避	https://cwe.mitre.org/data/definitions/639.html