PT-2026-3645 · Unknown · Open 5Gs Webui
Rashley-Iqt
·
Published
2026-01-20
·
Updated
2026-02-03
·
CVE-2026-0622
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Open 5GS WebUI (affected versions not specified)
Description
The software utilizes a hard-coded JWT signing key ('change-me') if the
JWT SECRET KEY environment variable is not set. This can allow attackers to forge JWTs and potentially gain unauthorized access. JWT (JSON Web Token) is a standard for securely transmitting information between parties as a JSON object.Recommendations
Set the
JWT SECRET KEY environment variable to a strong, randomly generated secret key.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Open 5Gs Webui