CVE-2025-26058
First published: Tue Feb 18 2025(Updated: )
Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QloApps | =1.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-26058?
The severity of CVE-2025-26058 is considered high due to the exposure of sensitive authentication tokens in URLs.
How do I fix CVE-2025-26058?
To fix CVE-2025-26058, you should update Webkul QloApps to a later version that does not expose authentication tokens in URLs.
What are the potential impacts of CVE-2025-26058?
The potential impacts of CVE-2025-26058 include unauthorized access to protected areas of the application due to exposed authentication tokens.
Which versions of QloApps are affected by CVE-2025-26058?
CVE-2025-26058 specifically affects Webkul QloApps version 1.6.1.
Is there any workaround for CVE-2025-26058?
A possible workaround for CVE-2025-26058 is to ensure that sensitive authentication tokens are not included in URLs during redirection.
- agent/references
- agent/author
- agent/first-publish-date
- agent/type
- agent/description
- agent/softwarecombine
- agent/source
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/tags
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/webkul
- canonical/qloapps