PT-2026-39592 · Wso2 · Wso2 Carbon Magiclink Authenticator Module+2

Published

2026-05-11

·

Updated

2026-05-27

·

CVE-2025-10470

CVSS v3.1

8.6

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)
Description The Magic Link authentication flow lacks adequate rate limiting or resource control, allowing it to accept multiple invalid authentication requests. This leads to uncontrolled memory usage growth, which can result in a denial-of-service condition and cause service unavailability for deployments utilizing the Magic Link authenticator.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Disable Magic Link deployments as a mitigation measure.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2025-10470

Affected Products

Wso2 Carbon Magiclink Authenticator Module
Wso2 Identity Server
Identityserver