NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-40939

Summary	The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This vulnerability is fixed in 2.1.0.
Publication Date	April 22, 2026, 7:16 a.m.
Registration Date	April 25, 2026, 4:04 a.m.
Last Update	April 23, 2026, 6:23 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://dsf.dev/operations/v2.1.0/bpe/oidc.html	security-advisories@github.com
2	https://dsf.dev/operations/v2.1.0/fhir/oidc.html	security-advisories@github.com
3	https://github.com/datasharingframework/dsf/commit/f4ecb002f7d12642f92da6b79371ed367d0140e7	security-advisories@github.com
4	https://github.com/datasharingframework/dsf/security/advisories/GHSA-gj7p-595x-qwf5	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-613	不適切なセッション期限	https://cwe.mitre.org/data/definitions/613.html