CVE-2026-63094
SigNoz · signoz
SigNoz is susceptible to open redirection and insufficient verification of data authenticity, which can be leveraged to manipulate SSO/OAuth state and facilitate session token theft.
Executive summary
A vulnerability in SigNoz allows for open redirection and token theft, potentially leading to unauthorized account access via SSO manipulation.
Vulnerability
The vulnerability encompasses an open redirect flaw (CWE-601) and insufficient verification of data authenticity (CWE-345). An attacker can exploit these issues to manipulate OAuth state parameters, leading to the interception or theft of session tokens during the authentication flow.
Business impact
Exploitation of this vulnerability poses a significant risk to user account security. With a CVSS score of 8.1, the potential for session hijacking and unauthorized access to monitoring data is high, which could lead to both data exposure and further compromise of the integrated observability platform.
Remediation
Immediate Action: Update SigNoz to the latest secure version beyond 0.133.0 as specified by the vendor advisory.
Proactive Monitoring: Monitor access logs for abnormal redirect requests and unusual OAuth callback activity that could signify an attempt to manipulate authentication states.
Compensating Controls: Implement strict Content Security Policies (CSP) and ensure that OAuth redirect URIs are strictly validated on the server side to prevent unauthorized redirection.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Given the potential for session token theft and account takeover, administrators should treat this vulnerability with high urgency. Updating to the latest version of SigNoz is the most effective way to remediate these authentication-related flaws.