CVE-2026-5622

Name of the Vulnerable Software and Affected Versions hcengineering Huly Platform version 0.7.382

Description A vulnerability exists in hcengineering Huly Platform version 0.7.382 related to the JWT Token Handler component, specifically within the file foundations/core/packages/token/src/token.ts. The issue involves the manipulation of the SERVER SECRET argument with a specific input secret, leading to the use of a hard-coded cryptographic key. This manipulation can be initiated remotely and is considered to have high complexity, but exploitation is difficult.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the JWT Token Handler component or the token.ts file until a patch is available.