PatchSiren cyber security CVE debrief
CVE-2026-11956 TwiN CVE debrief
A vulnerability was found in TwiN gatus 5.36.0. It affects the function setSessionCookie in the file security/oidc.go of the component OIDC Session Cookie Handler. Manipulation can result in a sensitive cookie being set without the Secure attribute. The attack can be launched remotely. Attack complexity is high, and exploitability is considered difficult.
- Vendor: TwiN
- Product: gatus
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of TwiN gatus 5.36.0 should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is in the setSessionCookie function in security/oidc.go, part of the OIDC Session Cookie Handler component of TwiN gatus 5.36.0. The attack can be launched remotely, but its complexity is high and exploitation is considered difficult.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates as recommended by the vendor.
- Review and update security configurations for the OIDC Session Cookie Handler.
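One way to carry out the cookie review as a regression check, added here as an example and not taken from the gatus code base: it drives a handler with a test request and lists any cookie issued without the Secure attribute. The handler setCookie, the cookie name "session" and its value are constructed stand-ins, not the project's own.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// MissingSecure returns the names of cookies in resp's Set-Cookie headers
// that were issued without the Secure attribute.
func MissingSecure(resp *http.Response) []string {
	var names []string
	for _, c := range resp.Cookies() {
		if !c.Secure {
			names = append(names, c.Name)
		}
	}
	return names
}

// setCookie is a hypothetical stand-in for a session-cookie setter; it is
// not the gatus implementation. Cookie name and value are constructed.
func setCookie(secure bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		http.SetCookie(w, &http.Cookie{
			Name: "session", Value: "constructed-session-id", Path: "/",
			HttpOnly: true, Secure: secure, SameSite: http.SameSiteStrictMode,
		})
	}
}

// Audit drives a handler with a constructed request and audits the response.
func Audit(h http.Handler) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	return MissingSecure(rec.Result())
}

func main() {
	fmt.Println("without Secure:", Audit(setCookie(false)))
	fmt.Println("with Secure:   ", Audit(setCookie(true)))
}
```

The same MissingSecure function can be pointed at the *http.Response from a real login flow against a deployed instance to confirm what the browser actually receives.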
Evidence notes
The reported GitHub issue was closed with the label 'not planned'.
Official resources
CVE-2026-11956 was published on 2026-06-11T13:16:32.237Z and modified on 2026-06-11T14:42:54.153Z.