CVE-2026-24352

Name of the Vulnerable Software and Affected Versions PluXml CMS versions 5.8.21 and 5.9.0-rc7

Description PluXml CMS allows a user’s session identifier to be set before authentication. The value of this session ID remains consistent even after authentication. This behavior allows an attacker to fix a session ID for a victim and subsequently hijack the authenticated session.

Recommendations Update to a newer version of PluXml CMS that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.