CVE-2026-10130
Received Received - Intake

Authentication Bypass in QueryWeaver via Email Signup

Vulnerability report for CVE-2026-10130, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulnCheck

Description

QueryWeaver contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain valid session tokens for existing accounts by submitting a signup request with a known victim email address. The signup route unconditionally creates and links a new token to the matching Identity via a Cypher MERGE operation before checking whether the email belongs to an existing account, causing the server to return a valid authenticated session token for the victim's identity without requiring any prior credentials or user interaction.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

QueryWeaver has an authentication bypass flaw where attackers can get valid session tokens for existing accounts by submitting a signup request with a known victim's email. The system creates and links a token to the account before verifying if the email exists, granting unauthorized access without credentials.

Detection Guidance

Detecting this vulnerability requires monitoring for unauthenticated signup requests that generate valid session tokens for existing accounts. Check server logs for repeated signup attempts with known email addresses. Look for MERGE operations in Cypher queries that create tokens without prior authentication. Inspect network traffic for POST requests to signup endpoints with victim email addresses.

Impact Analysis

Attackers could impersonate users, access sensitive data, or perform unauthorized actions on their behalf. This includes reading private information, modifying settings, or escalating privileges without detection.

Compliance Impact

This vulnerability likely violates GDPR's data protection requirements by enabling unauthorized access to personal data and HIPAA's safeguards for protected health information, potentially leading to legal penalties and loss of compliance certifications.

Mitigation Strategies

Immediately disable the signup route or modify the authentication flow to validate email ownership before issuing session tokens. Review server logs for suspicious signup attempts with known email addresses.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10130. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart