CVE-2025-66803 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session c…
Medium CVSS: 4.8

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays (e.g. delaying requests based on sequence or timing) or by physically proximate attackers when the race condition occurs naturally on shared computers.
Vendor
Hotwired
Product
Turbo
CWE
CWE-362
Yayın Tarihi
2026-01-20 19:15:49
Güncelleme
2026-01-30 20:03:34
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-362 Turbo MEDIUM Hotwired 2026

Referanslar

https://github.com/hotwired/turbo/pull/1399 https://github.com/hotwired/turbo/security/advisories/GHSA-qppm-g56g-fpvp https://turbo.hotwired.dev/handbook/frames