Digiwin CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Digiwin CVE published 2026-06-22

CVE-2026-12581

CVE-2026-12581 is a HIGH-severity vulnerability in EasyFlow .NET developed by Digiwin. A Session Fixation vulnerability allows unauthenticated remote attackers to gain a user's privilege by replacing a specific session ID after the user logs in. This issue requires immediate attention from defenders. The vulnerability's CVSS score is 7.7, indicating a significant risk. Defenders should prioritize patching [truncated]

MEDIUM Digiwin CVE published 2026-06-22

CVE-2026-12580

CVE-2026-12580 is a Stored Cross-Site Scripting vulnerability in EasyFlow .NET developed by Digiwin. The vulnerability allows authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load. The CVSS score is 5.1, indicating a medium severity. Defenders should assess their exposure and prioritize patching.