THREAT OPS › Threat News › CVE-2026-4387: StrongDM State File Reuse
CVE-2026-4387: StrongDM State File Reuse
<p class="wp-block-paragraph" id="h-tl-dr"><strong><em>TL;DR</em></strong> : <em>An attacker could transfer StrongDM state files, which hold session authentication information, between hosts to provide authenticated sessions. The attacker could reuse state files both inside and outside of the environment where an organization deployed it and requires user-level permissions to access the file. Reus
MITRE ATT&CK techniques
Indicators of compromise
- CVE-2026-4387cve
- https://www.cve.org/CVERecord?id=CVE-2026-4387url
- http://127.0.0.1:65220/v2/authenticationurl
- http://127.0.0.1:65220/v2/accounturl
- https://security.strongdm.com/?tcuUid=56fde839-9388-4361-8d3b-9baa7b2de2edurl