CRITICAL
StratonWebDesigners
CVE published 2026-07-16
CVE-2026-45336
CVE-2026-45336 is a critical vulnerability in HireFlow, a web-based interview management system. Versions 1.2 and earlier are vulnerable to authentication bypass due to a hard-coded Flask secret_key used to sign session cookies. This allows unauthenticated attackers who know the public source value to forge cookies containing role=admin and user_id values, effectively bypassing authentication. The vulnera [truncated]