codeigniter4/framework is vulnerable to authentication bypass. The vulnerability exists due to the improper session handling in the library when the session handler is set to DatabaseHandler
, MemcachedHandler
, or RedisHandler
, allowing an attacker to access pages that require another session cookie.