{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40127", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2026-04-09T10:15:00.973Z", "datePublished": "2026-05-25T10:18:05.904Z", "dateUpdated": "2026-05-26T15:20:07.870Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Lifetime", "vendor": "OutSystems", "versions": [{"lessThan": "11.28.2.3955", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Zbigniew Piotrak (AFINE Team)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">OutSystems Lifetime is vulnerable to A</span>uthorization Bypass Through User-Controlled Key vulnerability in <i>ApplicationID</i> parameter. Any authenticated user, can&nbsp;read the Change Log containing actions performed by other users as well as application name of any application.<br><br>This issue was fixed in OutSystems Lifetime version&nbsp;11.28.2.3955<br>"}], "value": "OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can\u00a0read the Change Log containing actions performed by other users as well as application name of any application.\n\nThis issue was fixed in OutSystems Lifetime version\u00a011.28.2.3955"}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 5.3, "baseSeverity": "MEDIUM", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-25T10:18:05.904Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2026/05/CVE-2026-40126/"}, {"tags": ["product"], "url": "https://www.outsystems.com/downloads/ScreenDetails?ReleaseId=22953&MajorVersion=11&ComponentName=LifeTime"}], "source": {"discovery": "EXTERNAL"}, "title": "Authorization Bypass Through User-Controlled Key in OutSystems Lifetime", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T15:11:49.294978Z", "id": "CVE-2026-40127", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T15:20:07.870Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40127", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-26T15:11:49.294978Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-26T15:20:00.729Z"}}], "cna": {"title": "Authorization Bypass Through User-Controlled Key in OutSystems Lifetime", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Zbigniew Piotrak (AFINE Team)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OutSystems", "product": "Lifetime", "versions": [{"status": "affected", "version": "0", "lessThan": "11.28.2.3955", "versionType": "semver"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert.pl/en/posts/2026/05/CVE-2026-40126/", "tags": ["third-party-advisory"]}, {"url": "https://www.outsystems.com/downloads/ScreenDetails?ReleaseId=22953&MajorVersion=11&ComponentName=LifeTime", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can\u00a0read the Change Log containing actions performed by other users as well as application name of any application.\n\nThis issue was fixed in OutSystems Lifetime version\u00a011.28.2.3955", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">OutSystems Lifetime is vulnerable to A</span>uthorization Bypass Through User-Controlled Key vulnerability in <i>ApplicationID</i> parameter. Any authenticated user, can&nbsp;read the Change Log containing actions performed by other users as well as application name of any application.<br><br>This issue was fixed in OutSystems Lifetime version&nbsp;11.28.2.3955<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-05-25T10:18:05.904Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40127", "state": "PUBLISHED", "dateUpdated": "2026-05-26T15:20:07.870Z", "dateReserved": "2026-04-09T10:15:00.973Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2026-05-25T10:18:05.904Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OutSystems Lifetime is vulnerable to Authorization Bypass Through User-Controlled Key vulnerability in ApplicationID parameter. Any authenticated user, can\u00a0read the Change Log containing actions performed by other users as well as application name of any application.\n\nThis issue was fixed in OutSystems Lifetime version\u00a011.28.2.3955"}], "id": "CVE-2026-40127", "lastModified": "2026-05-26T20:00:24.897", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cvd@cert.pl", "type": "Secondary"}]}, "published": "2026-05-25T11:16:17.443", "references": [{"source": "cvd@cert.pl", "url": "https://cert.pl/en/posts/2026/05/CVE-2026-40126/"}, {"source": "cvd@cert.pl", "url": "https://www.outsystems.com/downloads/ScreenDetails?ReleaseId=22953&MajorVersion=11&ComponentName=LifeTime"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "cvd@cert.pl", "type": "Primary"}]}

{}