Warpgate: SSO CSRF -- State Token Not Validated on Return
Summary
| CVE | CVE-2026-44347 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-12 23:16:18 UTC |
| Updated | 2026-05-12 23:16:18 UTC |
| Description | Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3. |
Risk And Classification
Primary CVSS: v3.1 5.8 MEDIUM from [email protected]
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
Problem Types: CWE-352 | CWE-352 CWE-352: Cross-Site Request Forgery (CSRF)
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N |
| 3.1 | CNA | DECLARED | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
HighPrivileges Required
LowUser Interaction
RequiredScope
ChangedConfidentiality
NoneIntegrity
HighAvailability
NoneCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/warp-tech/warpgate/security/advisories/GHSA-rj86-hm3r-c275 | [email protected] | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.