CVE Alert

CVE-2026-11956

LOW 3.7

TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute

CVSS Score: 3.7
EPSS Score: 0.0%
EPSS Percentile: 0th

A vulnerability was identified in TwiN gatus 5.36.0. It affects the function setSessionCookie in the file security/oidc.go of the OIDC Session Cookie Handler component. Manipulation can result in a sensitive cookie being set without the Secure attribute. The attack can be launched remotely, but its complexity is high and exploitation is considered difficult. The reported GitHub issue was closed with the label "not planned".

CWE: CWE-614, CWE-1004
Vendor: twin
Product: gatus
Published: Jun 11, 2026
Last Updated: Jun 11, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:R
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None

Affected Versions

TwiN / gatus
5.36.0

References

vuldb.com: https://vuldb.com/vuln/370343
vuldb.com: https://vuldb.com/vuln/370343/cti
vuldb.com: https://vuldb.com/cve/CVE-2026-11956
vuldb.com: https://vuldb.com/submit/836328
github.com: https://github.com/TwiN/gatus/issues/1689
github.com: https://github.com/TwiN/gatus/

Credits

geochen (VulDB User)
VulDB CNA Team