All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

CVE-2026-4387: StrongDM State File Reuse Vulnerability Allows Session Hijacking

By

Hope Walker

1mo ago· 10 min readenNews

Summary

A security vulnerability (CVE-2026-4387) was discovered in StrongDM where state files containing session authentication information could be transferred between hosts, allowing attackers to reuse authenticated sessions both inside and outside the deployment environment. The attack requires user-level permissions to access the state file. The vulnerability was patched in StrongDM Desktop version 23.74.0 and CLI version 53.77.0.

Source

bskyCVE-2026-4387: StrongDM State File Reuse Vulnerability Allows Session Hijackingghst.ly

Key quotes

· 3 pulled
An attacker could transfer StrongDM state files, which hold session authentication information, between hosts to provide authenticated sessions.
The attacker could reuse state files both inside and outside of the environment where an organization deployed it and requires user-level permissions to access the file.
Reusing the state file will result in an authenticated session and access to infrastructure.
Snippet from the RSS feed
Public disclosure for CVE-2026-4387. State file could be transferred and used on other hosts without restriction

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.