CVE-2026-59099: Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure
Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution tokens from the unauthenticated login page and perform known-plaintext analysis to decrypt the webflow conversation state due to keystream reuse caused by a fixed all-zero IV paired with the same encryption key.
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: 8.0.0-RC6
- Affected Products: 1
HarborGuard Analysis
Synopsis
An AES-GCM nonce-reuse cryptographic vulnerability exists in Apereo CAS versions from 7.3.0 up to, but not including, 8.0.0-RC6. The server reuses a fixed all-zero initialization vector with the same encryption key across its entire lifetime, so every token it issues is encrypted under the same keystream; any unauthenticated remote attacker who collects multiple webflow execution tokens from the login page can therefore perform known-plaintext analysis and recover the plaintext conversation state. Successful exploitation gives the attacker read access to confidential session state and the ability to tamper with authentication conversation data. A patched-image rebuild at version 8.0.0-RC6 is available on HarborGuard for environments running an affected version.
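The keystream-reuse failure described above, as an added Go example that is not CAS's own code and does not reproduce its token format: the same AES-256-GCM key used with a fixed all-zero 96-bit IV (the weak pattern) beside the corrected per-token random nonce, plus a prefix comparison a defender can use to see why two tokens sharing a plaintext prefix leak that prefix under the weak setting. The key, the nonce layout and the two conversation states are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var demoKey = []byte("0123456789abcdef0123456789abcdef") // constructed demo key, not a real one

// seal encrypts one conversation state under key with a 96-bit GCM nonce.
func seal(key, nonce, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm.Seal(nil, nonce, pt, nil)
}

// zeroNonce is the weak pattern: one all-zero IV for the key's whole lifetime, so every token shares a keystream.
func zeroNonce() []byte { return make([]byte, 12) }

// freshNonce is the fix: a random nonce per Seal, stored beside the ciphertext so the receiver can Open it.
func freshNonce() []byte {
	n := make([]byte, 12)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// commonPrefixLen counts leading bytes two tokens share; with a reused keystream, equal plaintext prefixes encrypt to equal ciphertext prefixes.
func commonPrefixLen(a, b []byte) int {
	n := 0
	for n < len(a) && n < len(b) && a[n] == b[n] {
		n++
	}
	return n
}

func main() {
	p1, p2 := []byte(`{"flow":"login","user":"alice"}`), []byte(`{"flow":"login","user":"bob"}`) // constructed states
	fmt.Println("fixed IV, shared ciphertext prefix bytes:", commonPrefixLen(seal(demoKey, zeroNonce(), p1), seal(demoKey, zeroNonce(), p2)))
	fmt.Println("fresh IV, shared ciphertext prefix bytes:", commonPrefixLen(seal(demoKey, freshNonce(), p1), seal(demoKey, freshNonce(), p2)))
}
```

Under the fixed IV the shared ciphertext prefix equals the shared plaintext prefix (24 bytes here), which is exactly the relationship known-plaintext analysis builds on; under fresh nonces the two tokens are unrelated.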
HarborGuard Coverage
Detection of CVE-2026-59099 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle Apereo CAS. Any image with an Apereo CAS version in the affected range (7.3.0 to earlier than 8.0.0-RC6) is flagged automatically.
HarborGuard scores this CVE at 9.3 Critical using the CVSS v4.0 vector and weights it against each environment's compliance policy, escalating findings accordingly. Triage results are routed to the appropriate team inbox within each customer organization based on their configured alert rules.
A patched-image rebuild targeting Apereo CAS 8.0.0-RC6 is available on HarborGuard for any image found running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Apereo CAS login page over the network; exposure to any network-accessible instance is sufficient since the vulnerable endpoint is the unauthenticated login flow.
- Authentication: Not required
No credentials or account are needed; the vulnerability is exploitable entirely through the public-facing unauthenticated login page.
- Victim interaction: Not required
The attacker collects webflow execution tokens by interacting directly with the server; no victim user action is required.
- Attack complexity: Low
Exploitation is reliable and condition-free once multiple tokens are collected; no race conditions or memory-layout dependencies are involved.
Blast Radius
- Attacker decrypts webflow conversation state, reading confidential in-progress authentication session data such as credential fragments and identity assertions in transit.
- Attacker recovers keystream material reusable to forge or modify encrypted conversation tokens, allowing manipulation of the authentication flow state.
- Exposed conversation state may reveal service ticket targets, authentication context, and user-supplied credential inputs submitted during the login process.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-59099 is active across all customer pipelines, matching container images against the affected Apereo CAS version range the moment the CVE enters HarborGuard's ingestion pipeline. A patched rebuild at 8.0.0-RC6 is available for any image confirmed to carry an affected version. For customers with auto-remediation enabled, HarborGuard rebuilds the image at the fixed version, executes regression tests, and opens a pull request against affected workloads; for Critical-severity issues the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit automated remediation, the finding is surfaced in the triage queue with the CVSS 9.3 Critical score and full vector detail so engineering teams can act manually. As an interim compensating control while a rebuild is being validated, consider restricting external network access to the CAS login endpoint to known-good IP ranges via network policy and applying egress filtering to limit lateral reachability from a compromised CAS instance.
Affected Products
- apereo/cas: < 8.0.0-RC6 (from 7.3.0)
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N