HIGH
malach-it
CVE published 2026-06-11
CVE-2026-53661
CVE-2026-53661 is a high-severity vulnerability in the Boruta authorization server. Prior to version 0.9.1, Boruta's session cookies and remember-me cookie were set without the Secure attribute. This allowed potential attackers to intercept these cookies over an unencrypted connection if users accessed the same Boruta origin over plaintext HTTP. An attacker could then reuse a valid session or remember-me [truncated]