Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns true without validating state parameters. Attackers can craft malicious callback URLs with attacker-controlled authorization codes to perform session fixation, logging victims in as the attacker. | |
| Title | Leantime - OIDC Login CSRF via Unconditional State Verification Stub | |
| First Time appeared |
Leantime
Leantime leantime |
|
| Weaknesses | CWE-352 | |
| CPEs | cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Leantime
Leantime leantime |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-06T20:36:24.795Z
Reserved: 2026-07-06T15:31:46.188Z
Link: CVE-2026-59713
No data.
No data.
No data.
OpenCVE Enrichment
No data.