Requarks Wiki.js
cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*
- 2.5.307
Requarks Wiki.js version 2.5.307 improperly handles JSON Web Tokens (JWT) during the logout process. The application fails to revoke or invalidate active tokens, leaving them valid for reuse. This impacts session integrity, because a compromised token continues to allow unauthorized access. The vulnerability arises in the authentication resolver logic, affecting both the GraphQL endpoint and the logout mechanism.
The vulnerability enables the reuse of JWT tokens after logout, undermining session validity and user authentication.