CVE-2026-35383: CWE-540 Inclusion of Sensitive Information in Source Code in Bentley Systems iTwin Platform
CVE-2026-35383 is a medium severity vulnerability in Bentley Systems iTwin Platform where a Cesium ion access token was inadvertently exposed in the source code of some web pages. This token allowed unauthenticated attackers to enumerate or delete certain assets within the platform. The vulnerability stems from CWE-540, the inclusion of sensitive information in source code. As of March 27, 2026, the token has been removed, mitigating the risk. No known exploits are currently in the wild. The CVSS 3.1 base score is 6.5, reflecting network attack vector, no privileges or user interaction required, limited confidentiality impact, and low availability impact. Organizations using the iTwin Platform should verify that their deployments are updated and audit for any unauthorized asset changes. Countries with significant infrastructure and engineering sectors using Bentley Systems products are most likely affected.
AI Analysis
Technical Summary
CVE-2026-35383 identifies a vulnerability in the Bentley Systems iTwin Platform where a Cesium ion access token was embedded in the source code of certain web pages. Cesium ion tokens are used to authenticate and authorize access to geospatial assets and services. The exposure of this token in publicly accessible web pages allowed unauthenticated attackers to leverage it to enumerate (list) or delete assets managed by the platform. This vulnerability is classified under CWE-540, which concerns the inclusion of sensitive information such as credentials or tokens in source code, leading to unintended information disclosure. The attack vector is network-based with no authentication or user interaction required, making exploitation relatively straightforward for an attacker who discovers the token. The impact primarily affects confidentiality (limited to asset enumeration) and availability (potential deletion of assets), but does not affect integrity or system-wide control. The vendor removed the token from the web pages as of March 27, 2026, effectively mitigating the vulnerability. No patches or updates are explicitly listed, but the removal of the token is the key remediation step. No known exploits have been reported in the wild, suggesting limited active exploitation. The CVSS 3.1 score of 6.5 reflects a medium severity rating, balancing ease of exploitation against limited impact scope.
Potential Impact
The vulnerability allows attackers to enumerate and delete certain assets within the Bentley iTwin Platform, potentially disrupting engineering, construction, and infrastructure projects that rely on accurate geospatial data. Unauthorized deletion of assets can lead to data loss, operational delays, and increased recovery costs. Asset enumeration could expose sensitive project information or intellectual property, leading to confidentiality breaches. Since the token was exposed publicly, any attacker with access to the web pages could exploit this without authentication, increasing the risk of opportunistic attacks. However, the impact is limited to the scope of assets accessible via the token and does not extend to full system compromise or integrity of other platform components. Organizations relying on the iTwin Platform for critical infrastructure digital twins or project management may face operational disruptions and reputational damage if exploited. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat if tokens remain exposed in legacy deployments.
Mitigation Recommendations
Organizations should immediately verify that their iTwin Platform deployments no longer expose Cesium ion access tokens in any web page source code or client-side scripts. Conduct thorough code and configuration reviews to ensure no sensitive tokens or credentials are embedded in publicly accessible resources. Rotate any Cesium ion tokens that may have been exposed to invalidate compromised credentials. Implement strict access controls and monitoring on asset management APIs to detect and prevent unauthorized enumeration or deletion attempts. Employ web application firewalls (WAFs) to detect anomalous requests targeting asset enumeration or deletion endpoints. Educate development and operations teams on secure coding practices to avoid embedding sensitive information in source code or client-side assets. Regularly audit and update third-party components and dependencies to incorporate vendor fixes. Engage with Bentley Systems support to confirm remediation status and receive guidance on secure configuration. Maintain incident response readiness to quickly address any signs of exploitation or data loss.
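The first recommendation above, checking that no access token is left in page source or client-side scripts, is easy to automate in a pre-deploy or CI step. The Python scanner below is an added example written for this page; it is not code from the advisory, from Bentley Systems, or from Cesium. It assumes that Cesium ion access tokens are JWTs (three base64url segments, header beginning with `eyJ`), which is a property of Cesium ion tokens generally and not something this page states; the HTML and JavaScript it scans are constructed samples embedded in the block. It flags any JWT-shaped literal, decodes the header and payload without verifying the signature (identification only, no trust is placed in the claims), and reports file, line, and a redacted prefix so the finding can be logged without re-leaking the token.

```python
"""Scan client-side sources (HTML, JS bundles) for embedded JWT-shaped tokens.

Added example for CWE-540 style leaks; not the vendor's code. Assumes the
secret being hunted is a JWT, which Cesium ion access tokens are.
"""
import base64
import json
import re
from dataclasses import dataclass

# A JWT is header.payload.signature in base64url. Any JSON object encodes to
# a string starting with "eyJ" ('{"'), which is the cheap pre-filter here.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")


@dataclass
class Finding:
    path: str
    line: int
    redacted: str   # first characters only, so reports do not re-leak the token
    header: dict
    payload: dict


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_unverified(token: str):
    """Return (header, payload) for identification only; the signature is
    deliberately ignored, this is a leak detector, not an authenticator."""
    head, body, _sig = token.split(".")
    try:
        header = json.loads(_b64url_decode(head))
        payload = json.loads(_b64url_decode(body))
    except ValueError:          # bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    return header, payload


def scan_sources(files: dict) -> list:
    """files maps a path to its text content; returns one Finding per JWT literal."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in JWT_RE.finditer(line):
                decoded = decode_jwt_unverified(match.group(0))
                if decoded is None:
                    continue        # looked like a JWT but does not decode as one
                header, payload = decoded
                findings.append(Finding(path, lineno, match.group(0)[:10] + "...", header, payload))
    return findings


# --- constructed sample input (not a real token, signature is a literal string) ---
CONSTRUCTED_TOKEN = ".".join([
    _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    _b64url_encode(json.dumps({"jti": "constructed-example", "iss": "example"}).encode()),
    _b64url_encode(b"not-a-real-signature"),
])

SAMPLE_FILES = {
    # the anti-pattern: a token literal shipped to every browser that loads the page
    "viewer.html": (
        "<html>\n<script>\n// constructed example of a token pasted into page source\n"
        f"const ION_TOKEN = \"{CONSTRUCTED_TOKEN}\";\n</script>\n</html>\n"
    ),
    # the safe shape: the client fetches a short-lived credential from the server at runtime
    "app.js": "fetch('/api/session').then(r => r.json());\nconst TOKEN = window.__cfg.token;\n",
}


def run_demo() -> list:
    return scan_sources(SAMPLE_FILES)


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.path}:{f.line}: JWT literal {f.redacted} alg={f.header.get('alg')} claims={sorted(f.payload)}")
```

In a real pipeline you would point `scan_sources` at the built bundle directory rather than the source tree, since bundlers inline environment variables and can introduce a token that never appears in a `.js` file under version control. A hit is a finding to rotate, not just to delete: once the token has been served publicly, removing it from the page does not invalidate copies already fetched.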
Affected Countries
United States, Canada, United Kingdom, Germany, Australia, France, Japan, South Korea, Singapore, United Arab Emirates
Technical Details
- Data Version: 5.2
- Assigner Short Name: cisa-cg
- Date Reserved: 2026-04-02T14:02:18.782Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69cec5aae6bfc5ba1dfbd832
Added to database: 4/2/2026, 7:38:18 PM
Last enriched: 4/2/2026, 7:55:22 PM
Last updated: 4/2/2026, 11:35:59 PM