THREATOPS
THREAT OPSThreat News › CVE-2026-4387: StrongDM State File Reuse

CVE-2026-4387: StrongDM State File Reuse

lowspecteropsPublished 2026-06-01

<p class="wp-block-paragraph" id="h-tl-dr"><strong><em>TL;DR</em></strong> : <em>An attacker could transfer StrongDM state files, which hold session authentication information, between hosts to provide authenticated sessions. The attacker could reuse state files both inside and outside of the environment where an organization deployed it and requires user-level permissions to access the file. Reus

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://specterops.io/blog/2026/06/01/cve-2026-4387-strongdm-state-file-reuse/