session-management 3

• Authentication Bypass via Forged Remember-Me Cookie | Skein May 31, 2026
• Privilege Escalation – Client-Side Role Cookie Tampering | Session Swap May 29, 2026
• JWT alg:none Authentication Bypass to Admin Access | EverGreen May 10, 2026