Product
A critical vulnerability in TSDProxy allows its internal per-process authentication token to be unconditionally forwarded to proxied backend services when `identityHeaders` is enabled, enabling an attacker with code execution on a co-located backend to replay the token to the local TSDProxy management API (port 8080) and bypass authentication, leading to full management API control.