CVE-2026-3963 | perfree go-fastdfs-web up to 1.3.7 Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability classified as critical has been found in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded cryptographic key
.

This vulnerability is identified as CVE-2026-3963. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3963 | perfree go-fastdfs-web up to 1.3.7 Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key

Post correlati

CVE-2024-3406 | WP Prayer Plugin up to 2.0.9 on WordPress Setting cross-site request forgery

CVE-2025-66073 | Cozmoslabs WP Webhooks Plugin up to 3.3.8 on WordPress deserialization

CVE-2024-6130 | 10Web Form Maker Plugin up to 1.15.25 on WordPress Setting cross site scripting

CVE-2024-41630 | Tenda AC18 15.03.3.10_EN fast_setting_wifi_set form_fast_setting_wifi_set ssid stack-based overflow