CVE-2025-10470 – Denial-of-Service via Magic Link Authentication in WSO2 Identity Server Allows Service Unavailability

CVE ID: CVE-2025-10470

Published: May 11, 2026, 12:16 p.m.

Description: The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.

This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger.

Severity: 8.6 | HIGH
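
A generic mitigation sketch for the failure mode described above, added here as an example; it is not WSO2 code or the vendor's fix. The class name, the thresholds and the choice of client key are assumptions: it throttles invalid attempts per client and caps its own table, so the limiter cannot itself become a source of unbounded memory growth.

```python
import time
from collections import OrderedDict, deque


class BoundedFailureLimiter:
    """Throttle repeated invalid attempts per client while keeping the
    limiter's own state capped (hypothetical helper, not a WSO2 API)."""

    def __init__(self, max_failures=5, window_s=60.0, max_clients=10_000,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window_s = window_s
        self.max_clients = max_clients
        self.clock = clock
        self._failures = OrderedDict()  # client key -> deque of failure times

    def _recent(self, client, now):
        """Drop failures older than the window; forget idle clients."""
        times = self._failures.get(client)
        if times is None:
            return None
        while times and now - times[0] >= self.window_s:
            times.popleft()
        if not times:
            del self._failures[client]
            return None
        return times

    def allow(self, client):
        """True if this client may present another link for validation."""
        times = self._recent(client, self.clock())
        return times is None or len(times) < self.max_failures

    def record_failure(self, client):
        """Call after an invalid or expired link is presented."""
        now = self.clock()
        times = self._recent(client, now)
        if times is None:
            if len(self._failures) >= self.max_clients:
                # Hard ceiling: evict the least recently active client.
                self._failures.popitem(last=False)
            times = self._failures[client] = deque(maxlen=self.max_failures)
        times.append(now)
        self._failures.move_to_end(client)

    def tracked_clients(self):
        return len(self._failures)
```

Eviction trades accuracy for a fixed memory ceiling: once more than `max_clients` distinct keys are active, older counters are forgotten, so a global request cap in front of the endpoint is still needed.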
