All 3 CVE vulnerabilities found in kratos, with AI-generated Chinese analysis, references, and POCs.
Vendor: ory
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6993 | go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy | CWE-441 | 5.3 | Medium | 2026-04-25 |
| CVE-2026-33503 | Ory Kratos has a SQL injection via forged pagination tokens | CWE-89 | 7.2 | High | 2026-03-26 |
| CVE-2024-45042 | Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials | CWE-287 | 4.4 | Medium | 2024-09-26 |