MEDIUM
Bentley Systems
CVE published 2026-04-02
CVE-2026-35383
Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete assets. The vulnerability has been mitigated, and no further action is required from users. The incident highlight [truncated]