{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-53661/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-11T14:25:46.528Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-53661","@id":"https://www.cve.org/CVERecord?id=CVE-2026-53661","description":"Boruta is a standalone authorization server that aims to implement OAuth 2.0 and OpenID Connect up to decentralized identity specifications. Prior to version 0.9.1, boruta session cookies and the identity “remember me” cookie were set without the Secure attribute. In deployments where users could reach the same Boruta origin over plaintext HTTP, browsers could send these cookies over an unencrypted connection. An attacker able to observe or intercept that network traffic could recover a valid se… [truncated; see the CVE record for the full description]"},"products":[{"@id":"cpe:2.3:a:malach-it:boruta-server:\\<_0.9.1:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:malach-it:boruta-server:\\<_0.9.1:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory. Note: the description and the product identifier both scope this issue to versions prior to 0.9.1, so check whether 0.9.1 is available and upgrade to it if so. Until then, make the Boruta origin reachable over HTTPS only (disable or redirect plaintext HTTP and enable HSTS) so that these cookies are never sent over an unencrypted connection.","timestamp":"2026-06-11T14:25:46.528Z"}]}