<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Security on 0xOZ</title><link>https://0xoz.com/tags/security/</link><description>Recent content in Security on 0xOZ</description><generator>Hugo</generator><language>en-us</language><copyright>2024-2026 0xOZ</copyright><lastBuildDate>Sat, 27 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://0xoz.com/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-42155 — Cryptographic Entropy Collapse in OpenMage LTS API Session Generation</title><link>https://0xoz.com/posts/vuln-research/cve-2026-42155/</link><pubDate>Sat, 27 Jun 2026 00:00:00 +0000</pubDate><guid>https://0xoz.com/posts/vuln-research/cve-2026-42155/</guid><description>&lt;p&gt;Hello,&lt;/p&gt;
&lt;p&gt;Today we will walk through another CVE (CVE-2026-42155) that I discovered in OpenMage LTS, a popular open-source e-commerce platform (yes, using AI). This vulnerability is a cryptographic entropy collapse in the API session generation mechanism, which can lead to predictable session tokens and potential unauthorized access.&lt;/p&gt;
&lt;p&gt;In summary, the vulnerability arises from a 17-year-old code snippet that was used to generate session tokens for API requests using a non-cryptographic method. The session tokens are generated from a combination of the current time and a unique identifier, both of which can be predicted by an attacker. This allows an attacker to potentially guess valid session tokens and gain unauthorized access to the API.&lt;/p&gt;</description></item></channel></rss>