HackerOne Disclosed Reports - 2026-06-23 - Printable Version
Source: Dark C0d3rs (https://darkcoders.wiki), forum "Exploit Log" > "Research Papers/Vulnerability reports" (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports), thread /Thread-HackerOne-Disclosed-Reports-2026-06-23
HackerOne disclosed reports - 2026-06-23 - hashXploiter - 06-24-2026
Low | resolved | CVE-2026-9545: exposing HTTP/3 early data
Bug reported by Eunsoo Kim, disclosed June 24, 2026, 6:24 am | Weakness: Improper Certificate Validation

Medium | resolved | CVE-2026-11856: cross-origin Digest auth state leak
Bug reported by John, disclosed June 24, 2026, 6:21 am | Weakness: Information Exposure Through Sent Data

Medium | resolved | Taskcluster web-server OAuth2 authorization codes are reusable and the exchange handler checks the wrong expiry column
Bug reported by Anshuman Bhartiya, disclosed June 23, 2026, 12:37 pm | Weakness: Authentication Bypass by Capture-replay

The Taskcluster web-server's OAuth2 token-exchange handler did not consume authorization codes and did not enforce the authorization-code expiry. A leaked authorization code could be replayed to mint additional bridge access tokens for the original user, past the 10-minute window required by the OAuth2 standard. The expiry check in the token-exchange handler and the bridge-token-to-credentials handler read the wrong expiry column, allowing expired codes to remain usable until the daily cleanup cron deleted them.