Description

HyperCloud versions 2.3.5 through 2.6.8 improperly allowed refresh tokens to be used directly for resource access and failed to invalidate previously issued access tokens when a refresh token was used. Because refresh tokens have a significantly longer lifetime (default one year), an authenticated client could use a refresh token in place of an access token to maintain long-term access without token rotation. Additionally, old access tokens remained valid after refresh, enabling concurrent or extended use beyond intended session boundaries. This vulnerability could allow prolonged unauthorized access if a token is disclosed.

INFO

Published Date :

2026-02-20T16:23:16.498Z

Last Modified :

2026-02-20T18:54:48.311Z

Source :

SoftIron
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1842 vulnerability.

Vendors Products
Softiron
  • Hypercloud
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1842.

URL Resource
https://advisories.softiron.cloud/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability