CVE-2026-8670: avantra vulnerability

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.
CVE-2026-8670CVSS 9.6Windows

CVE-2026-8670: avantra vulnerability

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

CVSS
9.6 CRITICAL
EPSS
11.99%
Known exploited
not in KEV
Product
avantra

What is known

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1.

Sources