PT-2026-35503 · Note Mark

Adrgs · Published 2026-04-25 · Updated 2026-05-23 · CVE-2026-41571

CVSS v3.1: 9.4 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions: Note Mark versions prior to 0.19.3
Description: An authentication bypass exists in the internal login endpoint. The IsPasswordMatch() function in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder hash when a user has no stored password. Because OIDC-registered users are created without a password, an unauthenticated attacker can obtain a valid session for such an account by submitting "null" as the password.
Recommendations: Update to version 0.19.3.
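To make the fallback concrete, here is an added Go example, not Note Mark's code: a hypothetical reconstruction of the flawed check next to a corrected one that refuses password login for passwordless accounts. A SHA-256 stand-in replaces bcrypt so the block runs with the standard library only; the User struct and the function names are assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// User keeps only the field at issue; OIDC accounts have an empty PasswordHash (hypothetical struct).
type User struct {
	PasswordHash string
}

// hashPassword is a stand-in for bcrypt so the example needs no external
// module; the fallback logic, not the hash algorithm, is the point here.
func hashPassword(pw string) string {
	sum := sha256.Sum256([]byte(pw))
	return string(sum[:])
}

func compareHash(hash, pw string) bool {
	return subtle.ConstantTimeCompare([]byte(hash), []byte(hashPassword(pw))) == 1
}

// isPasswordMatchVulnerable mirrors the pattern the advisory describes: an empty
// stored hash is swapped for a hash of the literal "null", so that placeholder
// becomes a working credential for every passwordless account.
func isPasswordMatchVulnerable(u User, pw string) bool {
	stored := u.PasswordHash
	if stored == "" {
		stored = hashPassword("null")
	}
	return compareHash(stored, pw)
}

// isPasswordMatchFixed denies local password login outright when the account has
// no password. The throwaway compare keeps response time close to the normal path.
func isPasswordMatchFixed(u User, pw string) bool {
	if u.PasswordHash == "" {
		compareHash(hashPassword("dummy"), pw)
		return false
	}
	return compareHash(u.PasswordHash, pw)
}

func main() {
	oidcUser := User{} // constructed sample: an OIDC account with no stored password
	fmt.Println("vulnerable accepts \"null\":", isPasswordMatchVulnerable(oidcUser, "null"))
	fmt.Println("fixed accepts \"null\":     ", isPasswordMatchFixed(oidcUser, "null"))
}
```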

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2026-41571, GHSA-PXF8-6WQM-R6HH
Affected Products: Note Mark