CVE-2025-26620 | DuendeSoftware foss up to 3.1.x HttpContext.GetClientAccessTokenAsync toctou

CVE-2025-26620 | DuendeSoftware foss up to 3.1.x HttpContext.GetClientAccessTokenAsync toctou

A vulnerability, which was classified as problematic, was found in DuendeSoftware foss up to 3.1.x. This affects the function HttpContext.GetClientAccessTokenAsync. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2025-26620. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.