CVE-2026-40303 | openziti zrok up to 2.0.0 endpoints.GetSessionCookie resource consumption (GHSA-cpf9-ph2j-ccr9)

A vulnerability, which was classified as problematic, has been found in openziti zrok up to 2.0.0. Impacted is the function endpoints.GetSessionCookie. The manipulation leads to resource consumption.

This vulnerability is documented as CVE-2026-40303. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More