{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4349", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-17T17:03:17.392Z", "datePublished": "2026-03-17T21:32:11.670Z", "dateUpdated": "2026-03-25T10:56:05.955Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-25T10:56:05.955Z"}, "title": "Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-287", "lang": "en", "description": "Improper Authentication"}]}], "affected": [{"vendor": "Duende", "product": "IdentityServer4", "versions": [{"version": "4.1.0", "status": "affected"}, {"version": "4.1.1", "status": "affected"}, {"version": "4.1.2", "status": "affected"}], "modules": ["Token Renewal Endpoint"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id_token_hint causes improper authentication. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. This vulnerability only affects products that are no longer supported by the maintainer."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.6, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND"}}], "timeline": [{"time": "2026-03-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-25T12:00:53.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Edcarlos (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.351380", "name": "VDB-351380 | Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351380", "name": "VDB-351380 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.772071", "name": "Submit #772071 | DuendeSoftware Identity Server 4 Authentication Bypass Issues", "tags": ["third-party-advisory"]}], "tags": ["unsupported-when-assigned"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T19:59:03.230542Z", "id": "CVE-2026-4349", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T19:59:09.789Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4349", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T19:59:03.230542Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T19:59:06.949Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication", "credits": [{"lang": "en", "type": "reporter", "value": "Edcarlos (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:ND"}}], "affected": [{"vendor": "Duende", "modules": ["Token Renewal Endpoint"], "product": "IdentityServer4", "versions": [{"status": "affected", "version": "4.1.0"}, {"status": "affected", "version": "4.1.1"}, {"status": "affected", "version": "4.1.2"}]}], "timeline": [{"lang": "en", "time": "2026-03-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-17T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-25T12:00:53.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.351380", "name": "VDB-351380 | Duende IdentityServer4 Token Renewal Endpoint authorize improper authentication", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351380", "name": "VDB-351380 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.772071", "name": "Submit #772071 | DuendeSoftware Identity Server 4 Authentication Bypass Issues", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id_token_hint causes improper authentication. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. This vulnerability only affects products that are no longer supported by the maintainer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "Improper Authentication"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-25T10:56:05.955Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4349", "state": "PUBLISHED", "dateUpdated": "2026-03-25T10:56:05.955Z", "dateReserved": "2026-03-17T17:03:17.392Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-17T21:32:11.670Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulation of the argument id_token_hint causes improper authentication. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en Duende IdentityServer 4. El elemento afectado es una funci\u00f3n desconocida del archivo /connect/authorize del componente Token Renewal Endpoint. Esta manipulaci\u00f3n del argumento id_token_hint causa una autenticaci\u00f3n impropia. Es posible iniciar el ataque de forma remota. El ataque se considera de alta complejidad. La explotabilidad se describe como dif\u00edcil. El proveedor fue contactado tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-4349", "lastModified": "2026-03-25T11:16:40.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-17T22:16:15.407", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351380"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351380"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.772071"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "IdentityServer", "source": "cna", "vendor": "Duende"}, "product": "identityserver", "vendor": "duende"}], "analysis": {"en": {"generated_at": "2026-03-25T12:29:49.527800+00:00", "value": {"mitigation_remediation": ["Upgrade Duende IdentityServer4 to a supported, patched version newer than 4.1.2", "If an upgrade is not feasible, disable or restrict the /connect/authorize token renewal endpoint to trusted clients only", "Monitor authentication logs for suspicious id_token_hint usage to detect potential exploitation attempts", "Regularly check the vendor\u2019s security advisories for updates or additional mitigations"], "summary": {"action": "Upgrade", "impact": "Improper authentication via manipulated id_token_hint"}, "threat_synthesis": {"affected_systems": "Duende IdentityServer4 versions up to and including 4.1.2 are affected. Systems running these unsupported releases are at risk; no specific downstream products are listed.", "description_and_impact": "A flaw in Duende IdentityServer4 allows an attacker to supply a crafted id_token_hint to the /connect/authorize token renewal endpoint, resulting in improper authentication. The vulnerability can lead an attacker to obtain authenticated sessions or elevated privileges under the guise of a legitimate user, potentially compromising user data and application security. It is a moderate severity issue with a CVSS base score of 6.3.", "risk_and_exploitability": "The attack can be launched remotely, with high complexity and described as difficult to exploit. EPSS is below 1\u2009%, indicating a low likelihood of widespread exploitation, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. However, because the affected software is no longer supported, any exploitation would go unpatched unless the vendor releases an update."}}}}, "created": "2026-03-18T10:42:48.672182+00:00", "updated": "2026-03-25T14:44:28.352143+00:00", "vendors": ["duende", "duende$PRODUCT$identityserver"]}