CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57948

mediumCVSS 6.8covered by 1 sourcefirst seen 2026-06-29
Pinpoint through version 3.1.0 contains an insecure session management vulnerability that allows attackers to access the pinpointJwt session cookie due to missing HttpOnly and Secure attributes, enabling JavaScript access via document.cookie and cleartext transmission over HTTP. Attackers can exploit stored or reflected cross-site scripting vulnerabilities to exfiltrate the session token or intercept it through network sniffing to perform session hijacking.

⚡ Watch CVE-2026-57948

Get an email if CVE-2026-57948 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-57948

CVE.org record

Embed the live status

CVE-2026-57948 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57948 status](https://www.csirts.com/badge/CVE-2026-57948)](https://www.csirts.com/cve/CVE-2026-57948)