SoftIron HyperCloud Improper Token Management Vulnerability Allowing Unauthorized Resource Access

Vulnerability

SoftIron HyperCloud versions from 2.3.5 up to (but not including) 2.6.8 accepted refresh tokens directly as credentials for resource access, and did not invalidate existing access tokens when a refresh token was used. Because a refresh token has a much longer lifespan than an access token (typically one year), a refresh token that is honoured as an access token gives an authenticated client extended access with no token rotation ever taking place. Furthermore, because old access tokens were not revoked after a refresh, several access tokens for the same session could remain valid at once, allowing concurrent or prolonged sessions and unauthorized access if any one of those tokens was compromised.
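As an added illustration (not HyperCloud's code; the class, field and function names are assumed), a minimal in-memory token service that models both defects and their fixes: the resource endpoint must reject any token that is not an access token, and a refresh must revoke the access tokens it replaces rather than leaving them live alongside the new one.

```python
import secrets


class TokenService:
    """Constructed in-memory token store (assumed design, not HyperCloud's).
    Both switches False reproduces the advisory's defects; both True is the fix."""

    def __init__(self, rotate_on_refresh=True, reject_refresh_at_resource=True):
        self.tokens = {}  # token -> {"kind", "session", "active"}
        self.rotate_on_refresh = rotate_on_refresh
        self.reject_refresh_at_resource = reject_refresh_at_resource

    def _issue(self, kind, session):
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = {"kind": kind, "session": session, "active": True}
        return tok

    def login(self, session):
        return self._issue("access", session), self._issue("refresh", session)

    def refresh(self, refresh_token):
        rec = self.tokens.get(refresh_token)
        if rec is None or rec["kind"] != "refresh" or not rec["active"]:
            raise PermissionError("invalid refresh token")
        if self.rotate_on_refresh:
            # Hardened: the new access token replaces, not joins, the old ones.
            for r in self.tokens.values():
                if r["session"] == rec["session"] and r["kind"] == "access":
                    r["active"] = False
        return self._issue("access", rec["session"])

    def authorize(self, token):
        """Resource-endpoint check: only a live token of kind 'access' passes."""
        rec = self.tokens.get(token)
        if rec is None or not rec["active"]:
            return False
        return not (self.reject_refresh_at_resource and rec["kind"] != "access")


def demo(hardened):
    """Log in, refresh once, then report what the resource endpoint accepts."""
    svc = TokenService(rotate_on_refresh=hardened, reject_refresh_at_resource=hardened)
    old_access, refresh_tok = svc.login("user-1")
    new_access = svc.refresh(refresh_tok)
    return {
        "refresh_token_accepted_at_resource": svc.authorize(refresh_tok),
        "old_access_token_still_valid": svc.authorize(old_access),
        "new_access_token_valid": svc.authorize(new_access),
    }
```

`demo(False)` shows the advisory's behaviour (the refresh token passes the resource check and the pre-refresh access token stays valid); `demo(True)` shows the corrected service, where only the freshly issued access token is accepted.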

Impact

Exploitation of this vulnerability could result in prolonged unauthorized access to resources, bypassing intended session limits.

Added: Feb 20, 2026, 5:52 PM
Updated: Feb 20, 2026, 7:22 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          1.4
impact          1.3
exploitability  5.9
remediation     0.0
relevance       3.2
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.