CVE-2026-40945

Vulnerability Description

Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. This vulnerability is fixed in 0.16.2.

Related Weaknesses (CWE)

CWE-532

References

https://github.com/oxia-db/oxia/security/advisories/GHSA-pm7q-rjjx-979p

FAQ

What is CVE-2026-40945?

CVE-2026-40945 is a documented vulnerability. Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in productio...

How severe is CVE-2026-40945?

CVSS scoring is not yet available for CVE-2026-40945. Check NVD for updates.

Is there a patch for CVE-2026-40945?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.