Org Wso2 Carbon Org Wso2 Carbon Ui

By the Year

In 2026 there have been 0 vulnerabilities in Org Wso2 Carbon Org Wso2 Carbon Ui. Last year, in 2025, Org Wso2 Carbon Org Wso2 Carbon Ui had 2 security vulnerabilities published. Right now, Org Wso2 Carbon Org Wso2 Carbon Ui is on track to have fewer security vulnerabilities in 2026 than it did last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 0               | 0.00          |
| 2025 | 2               | 6.55          |

It may take a day or so for new Org Wso2 Carbon Org Wso2 Carbon Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Org Wso2 Carbon Org Wso2 Carbon Ui Security Vulnerabilities

WSO2 Carbon Console CSRF via GET in Admin Service State-Changing Ops
CVE-2025-6670 8.8 - High - November 18, 2025

A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the SameSite=Lax cookie attribute is used as a mitigation, it is ineffective in this context because it allows cookies to be sent with cross-origin top-level navigations using GET requests. A malicious actor can exploit this vulnerability by tricking an authenticated user into visiting a crafted link, leading the browser to issue unintended state-changing requests. Successful exploitation could result in unauthorized operations such as data modification, account changes, or other administrative actions. According to WSO2 Secure Production Guidelines, exposure of Carbon console services to untrusted networks is discouraged, which may reduce the impact in properly secured deployments.

Session Riding

WSO2 Management Console Auth Bypass via URI Manipulation
CVE-2025-5605 4.3 - Medium - October 24, 2025

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known exposure from this issue is limited to memory statistics. While the vulnerability does not allow full account compromise, it still enables unauthorized access to internal system details.

Authentication Bypass by Spoofing
