Skip to content
Threat Feed

Tag

Auth0

1 brief RSS
high advisory

Auth0-PHP SDK Cookie Forging Vulnerability (CVE-2026-34236)

Auth0-PHP SDK versions 8.0.0 to before 8.19.0 encrypt cookies with insufficient entropy, potentially allowing attackers to brute-force the encryption key and forge session cookies.

cve-2026-34236 auth0 php cookie-forging session-hijacking
2r 1t 1c