PT-2026-35199 · Datavines · Datavines

Anch0R · Published 2026-04-26 · Updated 2026-04-26 · CVE-2026-7018

CVSS v3.1: 5.6 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions
Datavane Datavines versions prior to e540d6dc04e2e6ad11907fb655f3728a13e7b939

Description
An issue exists in the JWT Token Handler component within the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java. Manipulation of the tokenSecret argument can lead to the use of a hard-coded cryptographic key. This flaw allows for remote execution, although it requires a high level of complexity and is difficult to exploit.

Recommendations
Apply patch e540d6dc04e2e6ad11907fb655f3728a13e7b939.


Related Identifiers: CVE-2026-7018

Affected Products: Datavines