Security Advisory

CVE-2026-40939

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-21 21:07:10

Last updated 2026-04-22 17:44:03

Assigner GitHub_M

State PUBLISHED

Description

The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This vulnerability is fixed in 2.1.0.

← Browse all CVEs View on cve.org ↗