PT-2026-3645 · Unknown · Open 5Gs Webui

Rashley-Iqt

Publicado

2026-01-20

Atualizado

2026-02-03

CVE-2026-0622

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Open 5GS WebUI (affected versions not specified)

Description The software utilizes a hard-coded JWT signing key ('change-me') if the JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain unauthorized access. JWT (JSON Web Token) is a standard for securely transmitting information between parties as a JSON object.

Recommendations Set the JWT SECRET KEY environment variable to a strong, randomly generated secret key.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2026-0622

Produtos afetados

Open 5Gs Webui

PT-2026-3645 · Unknown · Open 5Gs Webui

CVE-2026-0622

Identificadores relacionados

Produtos afetados

Referências · 9