Browse all 4 CVE security advisories affecting DuendeSoftware. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-26620 | Duende.AccessTokenManagement race condition when concurrently retrieving customized Client Credentials Access Tokens — fossCWE-367 | 5.9 | - | 2025-02-18 |
| CVE-2024-51987 | HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect — Duende.AccessTokenManagementCWE-270 | 5.4 | Medium | 2024-11-07 |
| CVE-2024-49755 | Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs — IdentityServerCWE-287 | 3.1 | Low | 2024-10-28 |
| CVE-2024-39694 | Duende IdentityServer Open Redirect vulnerability — IdentityServerCWE-601 | 4.7 | Medium | 2024-07-31 |
This page lists every published CVE security advisory associated with DuendeSoftware. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.