Wso2 Carbon Magiclink Authenticator Module vulnerabilities
2 known vulnerabilities affecting wso2/wso2_carbon_magiclink_authenticator_module.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2025-10470 | P3 | HIGH | CVSS 8.6 | ≥ 1.1.22, < 1.1.22.3 | 2026-05-11
CVE-2025-10470 [HIGH] CWE-400
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.
This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is lim
nvd
CVE-2025-10908 | P3 | HIGH | CVSS 7.3 | ≥ 1.1.0, < 1.1.0.1; ≥ 1.1.5, < 1.1.5.2; +2 more | 2026-05-11
CVE-2025-10908 [HIGH] CWE-863
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security control that should prevent access to accounts that have been locked.
This vulnerability may allow unauthorized access to applications and sensitive data
nvd