Bentley Systems iTwin Platform Access Token Exposure Vulnerability

Vulnerability

A vulnerability exists in Bentley Systems iTwin Platform due to the exposure of a Cesium ion access token in the source code of certain web pages. This token, which is no longer present as of March 27, 2026, could have been used by an unauthenticated attacker to enumerate or delete specific assets.

Impact

Exploitation of this vulnerability allowed for unauthorized enumeration or deletion of assets using the exposed Cesium ion access token.

Remediation

The exposed token has been removed and no longer enables access as of March 27, 2026.
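
To keep a token like this out of served pages, a build or CI step can scan HTML and JavaScript output for embedded tokens. The script below is an added example, not code from Bentley Systems, Cesium or this advisory. It assumes the token is JWT-shaped (three base64url segments) and is set through CesiumJS's Cesium.Ion.defaultAccessToken property; findEmbeddedTokens, the sample page and the sample token are constructed for illustration.

```javascript
// Added example. Every value below is constructed; none is a real credential.

// Three dot-separated base64url segments; a JSON object encodes to "eyJ...".
const JWT_RE = /eyJ[A-Za-z0-9_-]{8,}\.eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{16,}/g;

function decodeSegment(seg) {
  try {
    return JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
  } catch {
    return null; // not JSON, so the match was not a JWT
  }
}

function findEmbeddedTokens(source, file) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(JWT_RE)) {
      const [head, body] = m[0].split(".");
      const header = decodeSegment(head);
      const claims = decodeSegment(body);
      if (!header || !claims) continue;
      findings.push({
        file,
        line: i + 1,
        preview: m[0].slice(0, 12) + "...", // never log the full secret
        alg: header.alg ?? null,
        claimNames: Object.keys(claims).sort(),
        // CesiumJS reads its ion token from this property.
        ionAssignment: /Ion\.defaultAccessToken/.test(text),
      });
    }
  });
  return findings;
}

// Constructed sample: a page that hard-codes a token, as the advisory describes.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
const SAMPLE_TOKEN = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ jti: "constructed-sample", iat: 0 }),
  "constructed-signature-not-valid-0000",
].join(".");
const SAMPLE_PAGE = [
  "<script>",
  `  Cesium.Ion.defaultAccessToken = "${SAMPLE_TOKEN}";`,
  "  const viewer = new Cesium.Viewer('map');",
  "</script>",
].join("\n");
console.log(findEmbeddedTokens(SAMPLE_PAGE, "index.html"));
```

Any finding should fail the build; a token that has already shipped in page source should be revoked rather than only removed from the page.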

Added: Apr 2, 2026, 9:13 PM
Updated: Apr 2, 2026, 9:13 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.