CVE-2026-33384

UNKNOWN 0.0

Session Fixation in QuickCMS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. This issue was fixed in a patch to version 6.8 published on 15.05.2026, deployments without this patch are still vulnerable.

CWE	CWE-384
Vendor	opensolution
Product	quickcms
Published	May 29, 2026
Last Updated	May 29, 2026

Stay Ahead of the Next One

Get instant alerts for opensolution quickcms

Be the first to know when new unknown vulnerabilities affecting opensolution quickcms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OpenSolution / QuickCMS

0 ≤ 6.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/posts/2026/05/CVE-2026-33384/ opensolution.org: https://opensolution.org/home.html

Credits

Jakub Lipiński