NVD/NISTCVE-2025-10470
Magic Link Auth Flaw Enables DoS
PublishedMay 11, 2026 at 12:16 PM·high
What happened
A high-severity vulnerability (CVE-2025-10470) in the Magic Link authentication flow allows attackers to repeatedly send invalid login requests, causing uncontrolled memory growth and crashing the service. Deployments relying on Magic Link authentication are at risk of denial-of-service outages. Administrators should apply available patches, monitor for abnormal authentication traffic, and enforce rate limiting at the network or proxy layer until a fix is in place.
Tags
#cve-2025-10470#denial-of-service#authentication#vulnerability
Source reference
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/ ↗See how Fortify maps this threat to your compliance posture.
14-day free trial · no credit card · HIPAA, SOC 2, ISO 27001, GDPR
Sign Up →