Chimppppy

#23165 of 53,624
10 Total CVSS
Vulnerabilities · 1
PT-2026-39734
10
2026-05-11
Unknown · Socfortress Copilot · CVE-2026-42869
**Name of the Vulnerable Software and Affected Versions**
SOCFortress CoPilot versions prior to 0.1.57

**Description**
The application contains a hardcoded JSON Web Token (JWT) signing secret, used as a fallback value in the `backend/app/auth/utils.py` file and in the `.env.example` file. In deployments where the `JWT_SECRET` variable is not explicitly configured, such as the default Docker Compose setup, the system signs authentication tokens with this publicly known value. This allows an unauthenticated attacker to forge admin-scoped tokens and gain full control over the application and its managed security tools.

**Recommendations**
Update to version 0.1.57. Explicitly set the `JWT_SECRET` variable in the environment configuration to replace the default fallback value.
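
A fail-closed way to load the signing secret, in line with the recommendation above. This is an added example, not SOCFortress CoPilot's code: the function names, the 32-byte minimum, the `JWT_SECRET` spelling of the variable and the sample `.env.example` contents are assumptions constructed for illustration.

```python
import os

MIN_SECRET_BYTES = 32  # assumption: 256-bit minimum for an HMAC signing key


class InsecureJWTSecret(RuntimeError):
    """Raised at startup so the service never signs tokens with a known key."""


def parse_env_example(text):
    """Return KEY -> value pairs from .env-style text (comments and blanks skipped)."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def load_jwt_secret(environ, example_text, name="JWT_SECRET"):
    """Fail closed: no fallback value, no published placeholder, no short key."""
    secret = environ.get(name, "").strip()
    if not secret:
        raise InsecureJWTSecret(f"{name} is not set; refusing to start")
    placeholder = parse_env_example(example_text).get(name)
    if placeholder and secret == placeholder:
        raise InsecureJWTSecret(f"{name} matches the value shipped in .env.example")
    if len(secret.encode()) < MIN_SECRET_BYTES:
        raise InsecureJWTSecret(f"{name} is shorter than {MIN_SECRET_BYTES} bytes")
    return secret


# Constructed sample data, not the project's real file contents.
SAMPLE_ENV_EXAMPLE = """# constructed example
JWT_SECRET=placeholder-value-constructed-for-this-example
OTHER_SETTING=value
"""

if __name__ == "__main__":
    try:
        load_jwt_secret(os.environ, SAMPLE_ENV_EXAMPLE)
        print("JWT secret accepted")
    except InsecureJWTSecret as exc:
        raise SystemExit(f"startup aborted: {exc}")
```

Calling the loader once at process start, before any token is issued or verified, turns a missing or copied secret into a failed deployment instead of a silently weak one.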