CVE-2026-43828 | Apache Shiro up to 2.1.0/3.0.0-alpha-1 missing secure attribute

A vulnerability was found in Apache Shiro up to 2.1.0/3.0.0-alpha-1. It has been rated as problematic. This impacts an unknown function. The manipulation leads to sensitive cookie without secure attribute.

This vulnerability is documented as CVE-2026-43828. The attack can be initiated remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More