Apache Syncope Vulnerability Allows Attackers to Hijack Active User Sessions
Apache Syncope, a widely deployed open-source identity and access management platform, has disclosed a critical XML External Entity (XXE) vulnerability affecting its Console component. The flaw, tracked as CVE-2026-23795, allows authenticated administrators to execute XXE attacks and extract sensitive data from affected systems. Security researchers Follycat and Y0n3er discovered the vulnerability, which impacts multiple versions […] The post Apache Syncope Vulnerability Allows Attackers to Hijack Active User Sessions appeared first on Cyber Security News.