HIGH
Sesame Time
CVE published 2026-07-14
CVE-2026-15389
The CVE-2026-15389 vulnerability involves insufficient access control in the Sesame Time web application and its REST v3 API session management. The system relies solely on the session identifier (USID) for validation, without verifying if the USID belongs to the user making the request. This allows an attacker with a valid USID to impersonate a victim's session and access confidential information such as [truncated]