Vulnerabilities

CVE-2026-35383

by Fred · 02/04/2026

Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to enumerate or delete certain assets. As of 2026-03-27, the token is no longer present in the web pages and cannot be used to enumerate or delete assets.

More information : https://cesium.com/learn/ion/cesium-ion-access-tokens/

Similar

Tags: Cybersecurity Alert