PT-2026-7067 · Rachelos · Werss We-Mp-Rss
Din4 · Published 2026-02-09 · Updated 2026-02-09 · CVE-2026-2215
CVSS v3.1: 3.7 (Low)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
rachelos WeRSS we-mp-rss versions up to 1.4.8
Description
A flaw exists in the JWT Handler component within the core/auth.py file of rachelos WeRSS we-mp-rss. Manipulation of the SECRET KEY argument leads to the use of a default cryptographic key. This issue is remotely exploitable and is considered difficult to exploit, but the exploit is publicly available.
Recommendations
Versions prior to 1.4.8 should be updated.
Affected Products
Werss We-Mp-Rss