Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2026-39381 is a low severity vulnerability with a CVSS score of 0.0. No known public exploits at this time.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
The GET /sessions/me endpoint returns _Session fields that the server operator explicitly configured as protected via the protectedFields server option. Any authenticated user can retrieve their own session's protected fields with a single request. The equivalent GET /sessions and GET /sessions/:objectId endpoints correctly strip protected fields.
The GET /sessions/me handler now re-fetches the session with the caller's auth context after validating the session token, ensuring protectedFields and CLP apply consistently with other session endpoints.
None.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.