CVE-2026-32745 - Vulnerability Details

In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://www.jetbrains.com/privacy-security/issues-fixed/

History

Fri, 13 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings
Weaknesses		CWE-614
References		https://www.jetbrains.com/privacy-security/issues-fixed/
Metrics		cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: JetBrains

Published: 2026-03-13T15:50:04.434Z

Updated: 2026-03-13T15:50:04.434Z

Reserved: 2026-03-13T15:48:07.191Z

Link: CVE-2026-32745

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-13T19:55:09.983

Modified: 2026-03-13T19:55:09.983

Link: CVE-2026-32745

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object