Wso2 Carbon Magiclink Authenticator Module
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Wso2 Carbon Magiclink Authenticator Module.
By the Year
In 2026 there have been 2 vulnerabilities in Wso2 Carbon Magiclink Authenticator Module with an average score of 8.0 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.95 |
It may take a day or so for new Wso2 Carbon Magiclink Authenticator Module vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Wso2 Carbon Magiclink Authenticator Module Security Vulnerabilities
WSO2 IdentityServer Magic Link Authenticator DoS via Uncontrolled Memory Growth
CVE-2025-10470
8.6 - High
- May 11, 2026
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger.
Resource Exhaustion
Auth Bypass for Locked Accounts via Magic Link in WSO2 Identity Server
CVE-2025-10908
7.3 - High
- May 11, 2026
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked. This vulnerability may allow unauthorized access to applications and sensitive data associated with accounts that should have been restricted via the account lock mechanism. It also undermines the effectiveness of the account lock mechanism intended to prevent further login attempts.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Wso2 Carbon Magiclink Authenticator Module or by Wso2? Click the Watch button to subscribe.
