katalyst/koi

Releases179

Frequency3 weeks 6 days

Last Release 30 days ago

Stars9

Administration tools for Rails applications

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-44511 ↗	May 14, 2026Thursday, 14 May 2026, 17:16	7.4 HIGH	—
Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This vulnerability is fixed in 4.20.0 and 5.6.0.