CVE-2026-35383 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate…
Medium CVSS: 6.9

CVE-2026-35383

Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete assets.
Vendor
-
Product
-
CWE
CWE-540
Yayın Tarihi
2026-04-02 20:16:29
Güncelleme
2026-04-03 16:10:23
Source Identifier
9119a7d8-5eab-497f-8521-727c672e3725
KEV Date Added
-

Kategoriler

CWE-540 MEDIUM 2026

Referanslar

https://cesium.com/learn/ion/cesium-ion-access-tokens/ https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-092-01.json https://www.cve.org/CVERecord?id=CVE-2026-35383