What is GHSA-jrw3-h5q4-rwxc?

GHSA-jrw3-h5q4-rwxc is a security advisory published by GitHub Security Advisories with Medium severity. OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key...

Which CVE IDs does GHSA-jrw3-h5q4-rwxc cover?

GHSA-jrw3-h5q4-rwxc covers the following CVE IDs: CVE-2026-40127. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

GHSA-jrw3-h5q4-rwxcMedium

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-40127 →

📋 Description

OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can read the Change Log containing actions performed by other users as well as application name of any application.

This issue was fixed in OutSystems Lifetime version 11.28.2.3955

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-40127
https://cert.pl/en/posts/2026/05/CVE-2026-40126
https://www.outsystems.com/downloads/ScreenDetails?ReleaseId=22953&MajorVersion=11&ComponentName=LifeTime
https://github.com/advisories/GHSA-jrw3-h5q4-rwxc