Tag
CVE-2026-10130 describes an authentication bypass vulnerability in QueryWeaver, enabling unauthenticated attackers to obtain valid session tokens for existing user accounts by submitting a crafted signup request with a known victim's email address, leveraging a Cypher MERGE operation that unconditionally links a new token before checking for existing accounts.