1. Critical Authorization Gap in Gateway Enables Cross-User Session Hijacking
A critical security flaw has been identified in the WebSocket gateway module responsible for session reconnection handling. The vulnerability exists in `internal/gateway/conn.go`, which manages the AEP init handshake for WebSocket connections. During session reconnection, when a client provides an existing `session_id`...
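One way to close an authorization gap of the kind the heading describes is to record which user created each `session_id` and check that binding on every reconnect. This is an added example, not the code in `internal/gateway/conn.go`; `SessionStore`, `Create`, `Resume`, the error values and the sample IDs are all hypothetical, and it assumes the gateway has already authenticated the connection before the reconnect request is processed.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)
// Hypothetical names throughout; none are taken from internal/gateway/conn.go.
var (
	ErrUnknownSession = errors.New("session not found")
	ErrNotOwner       = errors.New("session not owned by caller")
)

type SessionStore struct {
	mu     sync.RWMutex
	owners map[string]string // session_id -> user that created the session
}

func NewStore() *SessionStore { return &SessionStore{owners: map[string]string{}} }

func (s *SessionStore) Create(sessionID, userID string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.owners[sessionID] = userID
}

// Resume authorizes a reconnect. authUserID must come from the connection's
// verified credentials, never from the init payload. Send the client one
// generic failure for both errors so responses do not reveal valid IDs.
func (s *SessionStore) Resume(authUserID, sessionID string) error {
	s.mu.RLock()
	owner, ok := s.owners[sessionID]
	s.mu.RUnlock()
	if !ok {
		return ErrUnknownSession
	}
	if authUserID == "" || owner != authUserID {
		return ErrNotOwner
	}
	return nil
}

func main() {
	store := NewStore()
	store.Create("sess-alice-1", "alice") // constructed sample data
	for _, user := range []string{"alice", "bob"} {
		fmt.Printf("user=%s resume err=%v\n", user, store.Resume(user, "sess-alice-1"))
	}
}
```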