CVE-2026-27933
Session Hijacking via Cookie Leakage in Manyfold Web App
Publication date: 2026-02-26
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| manyfold | manyfold | to 0.133.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-613 | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27933 is a session hijacking vulnerability in the Manyfold web application, caused by cookie leakage in proxy caches. This flaw affects Manyfold versions up to 0.132.1 and allows an attacker to escalate privileges by accessing cookies improperly shared through proxy caches.
The vulnerability was discovered when a user logged into Manyfold on two different devices with different accounts and networks experienced privilege escalation on one device, gaining unauthorized admin access. This occurred even after clearing cookies and using private browsing, and across devices on the same network.
The issue is fixed starting from Manyfold version 0.133.0.
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to hijack sessions and escalate their privileges within the Manyfold application.
- Attackers can gain access to admin-only site settings and sensitive information such as registered accounts.
- It can lead to unauthorized data access and modification, impacting confidentiality and integrity.
However, it does not affect the availability of the application.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for unexpected session privilege escalations or unauthorized access to admin-only functions when users are logged in on multiple devices or networks simultaneously.'}, {'type': 'paragraph', 'content': 'Since the issue involves cookie leakage in proxy caches, you can inspect HTTP headers and cookies being passed through your proxy (e.g., Nginx) to check if session cookies are improperly cached or shared.'}, {'type': 'paragraph', 'content': 'Suggested commands include using tools like curl or tcpdump to capture and analyze HTTP traffic for cookie leakage.'}, {'type': 'list_item', 'content': "Use tcpdump to capture HTTP traffic on the proxy server: tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443'"}, {'type': 'list_item', 'content': 'Use curl to inspect response headers for cache control directives: curl -I https://your-manyfold-instance'}, {'type': 'list_item', 'content': 'Check Nginx proxy cache configuration to ensure cookies are not cached or shared between users.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Manyfold to version 0.133.0 or later, where this vulnerability has been fixed.
Additionally, review and adjust your proxy cache settings (e.g., Nginx) to prevent caching of session cookies or other sensitive authentication tokens.
If upgrading immediately is not possible, consider restricting public exposure of the Manyfold instance and limit access to trusted networks or users.