CVE-2026-29023

Name of the Vulnerable Software and Affected Versions Keygraph Shannon (affected versions not specified)

Description Keygraph Shannon contains a hard-coded API key within its router configuration. When the router component is enabled and accessible, network attackers can use this publicly known key to authenticate. An attacker reaching the router port can proxy requests through the Shannon instance, utilizing the victim’s upstream provider API credentials. This can lead to unauthorized API usage and potential exposure of data within proxied requests and responses. The general exploitability of this issue has been mitigated with commit 023cc95. The affected API endpoint is the router configuration.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.