PT-2025-35201 · Pyload +1

Arkadiusz Marta · Published 2025-08-29 · Updated 2025-08-29 · CVE-2025-4644

CVSS v4.0: 5.3
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions:

Payload versions prior to 3.44.0

Description:

A session fixation issue existed in Payload's SQLite adapter due to identifier reuse during account creation. An attacker could create an account, save its JSON Web Token (JWT), delete the account, and then reuse the JWT to authenticate as a subsequent user.
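
The identifier reuse described above, shown as an added example that is not Payload's code or its fix: in SQLite a plain INTEGER PRIMARY KEY can give a deleted row's id to the next insert, so a token that names only the id resolves to the new account. The table names, the token_gen column and the dict standing in for signed JWT claims are assumptions made for this example.

```python
import sqlite3

# Constructed schemas: "users_reuse" relies on a plain INTEGER PRIMARY KEY;
# "users_monotonic" adds AUTOINCREMENT, so a deleted id is never handed out again.
SCHEMAS = {
    "users_reuse": "CREATE TABLE users_reuse (id INTEGER PRIMARY KEY, email TEXT, token_gen TEXT)",
    "users_monotonic": "CREATE TABLE users_monotonic (id INTEGER PRIMARY KEY AUTOINCREMENT, email TEXT, token_gen TEXT)",
}

def create_user(db, table, email):
    # token_gen (hypothetical column) is a random per-account value placed in every token
    cur = db.execute(
        f"INSERT INTO {table} (email, token_gen) VALUES (?, lower(hex(randomblob(16))))", (email,))
    gen = db.execute(f"SELECT token_gen FROM {table} WHERE id = ?", (cur.lastrowid,)).fetchone()[0]
    return {"sub": cur.lastrowid, "gen": gen}  # stand-in for the claims of a signed JWT

def resolve_by_id(db, table, claims):
    """Weak check: trusts the numeric id alone."""
    row = db.execute(f"SELECT email FROM {table} WHERE id = ?", (claims["sub"],)).fetchone()
    return row[0] if row else None

def resolve_bound(db, table, claims):
    """Stricter check: the id and the per-account value must both match."""
    row = db.execute(f"SELECT email FROM {table} WHERE id = ? AND token_gen = ?",
                     (claims["sub"], claims["gen"])).fetchone()
    return row[0] if row else None

def stale_token_outcome(table, resolver):
    """Issue claims for account A, delete A, create account B, then resolve A's old claims."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMAS[table])
    old_claims = create_user(db, table, "first@example.test")
    db.execute(f"DELETE FROM {table} WHERE id = ?", (old_claims["sub"],))
    create_user(db, table, "second@example.test")
    return resolver(db, table, old_claims)

if __name__ == "__main__":
    for table in SCHEMAS:
        for resolver in (resolve_by_id, resolve_bound):
            print(table, resolver.__name__, "->", stale_token_outcome(table, resolver))
```

Only the combination of a reusable id and an id-only lookup resolves the stale claims to the second account; either a non-reused id or a token bound to a per-account value makes the lookup return nothing.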

Recommendations:

Update to version 3.44.0 or later.

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2025-4644

Affected Products

Pyload
Sqlite