Name of the Vulnerable Software and Affected Versions: rucio-webui versions 1.26.0 through 1.26.6

Description: The issue potentially leaks the contents of cookies to other sessions within a wsgi container, specifically affecting Rucio authentication tokens. This allows users to access the webui with the leaked authentication token, resulting in privilege escalation. The Rucio server and daemons are not affected, and the issue is isolated to the webui.

Recommendations: For rucio-webui versions 1.26.0 through 1.26.6, update to version 1.26.7 to fix the issue. As a temporary workaround, consider installing the 1.25.7 webui release, as the 1.25 and previous webui release lines are not affected by this issue.