CVE-2026-7018 | Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71 JWT Token TokenManager.java tokenSecret hard-coded key (Issue 580)

A vulnerability was found in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. It has been declared as critical. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the argument tokenSecret can lead to use of hard-coded cryptographic key
.

This vulnerability is handled as CVE-2026-7018. The attack can be executed remotely. Additionally, an exploit exists.

This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. It is advisable to implement a patch to correct this issue.

The project was informed of the problem early through a pull request but has not reacted yet.

CVE-2026-7018 | Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71 JWT Token TokenManager.java tokenSecret hard-coded key (Issue 580)

Post correlati

CVE-2025-68973 | GnuPG up to 2.4.8 g10/armor.c armor_filter multiple operations on resource in single-operation context

CVE-2024-54431 | Mohamed Riyaz Admin Customization Plugin up to 2.2 on WordPress cross-site request forgery

CVE-2024-40239 | Life Personal Diary App 17.5.0 on Android Fingerprint Authentication access control

CVE-2026-1175 | birkir prime up to 0.4.0.beta.0 GraphQL Directive /graphql information exposure (Issue 546)