Unknown · Katalyst-Koi · CVE-2026-44511
**Name of the Vulnerable Software and Affected Versions**
Katalyst Koi versions prior to 5.6.0
Katalyst Koi versions prior to 4.20.0
**Description**
Admin session cookies are not invalidated upon logout. This allows an attacker who has obtained a valid admin session cookie—through exposure, caching, or interception—to maintain access to administrative functionality until the cookie expires or session secrets are rotated. This issue is a form of session replay, where a previously valid session is reused to gain unauthorized access.
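The replay described above, next to a logout that actually revokes the session, as an added example that is not Koi's own code. It assumes sessions are carried in a stateless signed cookie; `StatelessAdmin`, `RevocableAdmin`, the helper functions and the secret are hypothetical names and constructed values.

```ruby
require "openssl"
require "json"
require "securerandom"

SECRET = "constructed-demo-secret" # constructed value for this example only

# Stateless signed cookie: base64(JSON) + "--" + HMAC. The server stores nothing.
def issue_cookie(payload)
  body = [JSON.generate(payload)].pack("m0")
  "#{body}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, body)}"
end

# Returns the payload hash when the signature verifies, otherwise nil.
def read_cookie(cookie)
  body, mac = cookie.to_s.split("--", 2)
  return nil unless body && mac
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, body)
  OpenSSL.secure_compare(expected, mac) ? JSON.parse(body.unpack1("m0")) : nil
end

# Weak pattern: logout changes nothing server side, so a saved cookie keeps verifying.
class StatelessAdmin
  def login(admin_id)
    issue_cookie("admin_id" => admin_id)
  end
  def logout(_cookie); end
  def authenticated?(cookie)
    !read_cookie(cookie).nil?
  end
end

# Hardened pattern: the cookie's session id must still exist in a server-side store.
class RevocableAdmin
  def initialize; @active = {}; end # sid => admin_id (a table in a real app)
  def login(admin_id)
    sid = SecureRandom.hex(16)
    @active[sid] = admin_id
    issue_cookie("admin_id" => admin_id, "sid" => sid)
  end
  def logout(cookie)
    data = read_cookie(cookie)
    @active.delete(data["sid"]) if data # revoke the server-side record
  end
  def authenticated?(cookie)
    data = read_cookie(cookie)
    !data.nil? && @active.key?(data["sid"]) && @active[data["sid"]] == data["admin_id"]
  end
end
```

A regression test for an application's logout path can follow the same shape: keep the cookie value from before logout, present it again afterwards, and require that the request is rejected.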
**Recommendations**
Upgrade to version 5.6.0 or later.
Upgrade to version 4.20.0 or later.