PT-2026-21250 · Unknown · Hypercloud
Published 2026-02-20 · Updated 2026-02-20 · CVE-2026-1842
CVSS v4.0: 6.2 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Name of the Vulnerable Software and Affected Versions
HyperCloud versions 2.3.5 through 2.6.8
Description
The software improperly allowed refresh tokens to be used directly for resource access and did not invalidate previously issued access tokens when a refresh token was used. Refresh tokens have a long lifetime, allowing an authenticated client to maintain access without token rotation. Old access tokens remained valid after refresh, enabling concurrent or extended use beyond intended session boundaries. This could allow prolonged unauthorized access if a token is disclosed.
Recommendations
Update HyperCloud to a version later than 2.6.8.
Update HyperCloud to a version later than 2.3.5.
Fix
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Hypercloud