CVE-2025-10470

Description

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger.

References

• https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/