Bubba AI, Inc. 2261 Market Street, San Francisco, California, 94114

Finding Title: Concurrent Logins Allowed

Severity (CVSS3.1): 0.0 (Informational)

Description:
The vulnerability occurs when the application permits the same user account to maintain active sessions across multiple browsers or devices simultaneously. This allows an attacker who gains unauthorized access to valid credentials to sustain a persistent session without detection, even if the legitimate user is already logged in. Exploitation requires the attacker to be authenticated or to have access to valid user credentials, making exploitation difficult. An attacker can exploit this by logging in from a separate browser or device and maintaining an active parallel session. Successful exploitation could result in unauthorized account access, reduced session accountability, and difficulty detecting compromised accounts.

Risk:
- Increased risk of unnoticed unauthorized access.
- Difficulty in identifying simultaneous suspicious sessions.
- Higher impact if credentials are leaked, shared, or phished.
- Reduced session integrity and accountability.

Evidence:
Testing confirmed that a user could log into the application from two separate browsers simultaneously. Both sessions remained active and functional without restrictions.
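
One way an application could handle the behaviour shown in the Evidence, as an added example that is not part of the report or the tested application's code: a server-side session registry that either raises an alert on a parallel login or caps sessions per account. The class name, the `enforce` and `max_sessions` parameters, and the sample session IDs and device labels are assumptions made for illustration.

```python
from collections import defaultdict

class SessionRegistry:
    """Tracks active sessions per account (hypothetical helper, not from the report)."""

    def __init__(self, max_sessions=1, enforce=True):
        self.max_sessions = max_sessions
        self.enforce = enforce                 # False = alert only, True = cap sessions
        self._by_user = defaultdict(list)      # user -> [(session_id, device)], oldest first
        self._active = {}                      # session_id -> user

    def login(self, user, session_id, device):
        """Register a new session. Returns (revoked_ids, alert or None)."""
        existing = list(self._by_user[user])   # sessions already open for this account
        self._by_user[user].append((session_id, device))
        self._active[session_id] = user
        revoked = []
        if self.enforce:
            # Over the limit: end the oldest sessions so only the newest remain.
            while len(self._by_user[user]) > self.max_sessions:
                old_id, _ = self._by_user[user].pop(0)
                del self._active[old_id]
                revoked.append(old_id)
        alert = None
        if existing:
            # A parallel login happened: give the user or the SOC something to review.
            alert = {"user": user, "new_device": device,
                     "other_devices": [d for _, d in existing],
                     "revoked": revoked}
        return revoked, alert

    def is_active(self, session_id):
        """Call on every request so a revoked session stops working immediately."""
        return session_id in self._active

    def logout(self, session_id):
        user = self._active.pop(session_id, None)
        if user is not None:
            self._by_user[user] = [s for s in self._by_user[user] if s[0] != session_id]

def demo():
    # Constructed sample: one account logs in from two browsers, as in the Evidence.
    registry = SessionRegistry(max_sessions=1, enforce=True)
    registry.login("alice", "s1", "Firefox")
    revoked, alert = registry.login("alice", "s2", "Chrome")
    return revoked, alert, registry.is_active("s1"), registry.is_active("s2")

if __name__ == "__main__":
    print(demo())
```

With `enforce=False` both sessions stay active and only the alert is produced, which addresses the detection gap without changing login behaviour.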
RELAYTO Penetration Test Report