PT-2026-7067 · Rachelos · Werss We-Mp-Rss
Din4
·
Publicado
2026-02-09
·
Atualizado
2026-02-09
·
CVE-2026-2215
CVSS v3.1
3.7
Baixa
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
rachelos WeRSS we-mp-rss versions up to 1.4.8
Description
A flaw exists in the JWT Handler component within the core/auth.py file of rachelos WeRSS we-mp-rss. Manipulation of the
SECRET KEY argument leads to the use of a default cryptographic key. This issue is remotely exploitable and is considered difficult to exploit, but the exploit is publicly available.Recommendations
Versions prior to 1.4.8 should be updated.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Werss We-Mp-Rss