PT-2026-39592 · Wso2 · Wso2 Carbon Magiclink Authenticator Module+2
Published
2026-05-11
·
Updated
2026-05-27
·
CVE-2025-10470
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined (affected versions not specified)
Description
The Magic Link authentication flow lacks adequate rate limiting or resource control, allowing it to accept multiple invalid authentication requests. This leads to uncontrolled memory usage growth, which can result in a denial-of-service condition and cause service unavailability for deployments utilizing the Magic Link authenticator.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Disable Magic Link deployments as a mitigation measure.
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wso2 Carbon Magiclink Authenticator Module
Wso2 Identity Server
Identityserver