CVE-2026-40127
Awaiting Analysis Awaiting Analysis - Queue
Authorization Bypass in OutSystems Lifetime

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: CERT.PL

Description
OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application. This issue was fixed in OutSystems Lifetime version 11.28.2.3955
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-40127
EUVD
EUVD-2026-31662
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
outsystems lifetime 11.28.2.3955
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in OutSystems Lifetime involves an Authorization Bypass through the ApplicationID parameter. It allows any authenticated user to access the Change Log, which contains records of actions performed by other users and the names of applications. Essentially, users can view information they should not normally have permission to see.

Impact Analysis

The impact of this vulnerability is that unauthorized users can read sensitive information about other users' actions and application details. This could lead to information disclosure, potentially exposing operational details or user activities that should remain confidential.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade OutSystems Lifetime to version 11.28.2.3955 or later, where the issue has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40127. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart