Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.0
2N Access Commander session cookies not properly invalidated
CVE-2025-59786
Summary
Using 2N Access Commander version 3.4.2 or earlier may allow attackers to access your system after you've logged out due to session cookies not being properly cleared. This could be a security risk if you have sensitive information on your system. To protect your system, update to a version of 2N Access Commander that fixes this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| 2n | access_commander | <= 3.5 | – |
Original title
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
Original description
2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application.
nvd CVSS3.1
9.8
nvd CVSS4.0
6.0
Vulnerability type
CWE-613
- https://www.2n.com/en-GB/download/cve_2025_59786_acom_3_5_v1pdf Vendor Advisory
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026