CVE-2026-1842

Published 20/02/2026 17:25 · Modified 20/02/2026 18:57

Labels: CVE-2026-1842, 0a72a055-908d-47f5-a16a-1f09049c16c6, 2026-02-20, CWE-613

Essential information

Published: 20/02/2026 17:25
Modified: 20/02/2026 18:57
Author:
Creator:
CVSS: 6.2 MEDIUM (v3), 6.2 MEDIUM (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated client could use a refresh token in place of an access token to maintain long-term access without token rotation. Additionally, old access tokens remained valid after refresh, enabling concurrent or extended use beyond intended session boundaries. This vulnerability could allow prolonged unauthorized access if a token is disclosed.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 0a72a055-908d-47f5-a16a-1f09049c16c6

Affected products (CPE)

Product: hypercloud / hypercloud
CPE: cpe:2.3:a:hypercloud:hypercloud:2.3.5-2.6.8:*:*:*:*:*:*:*