CVE-2026-2215 | rachelos WeRSS we-mp-rss up to 1.4.8 JWT core/auth.py SECRET_KEY default key

Inserito da Angelo Barbosa | Feb 8, 2026 | CVE

A vulnerability classified as problematic has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key.

This vulnerability is identified as CVE-2026-2215. The attack can be initiated remotely. Additionally, an exploit exists.

CVE-2026-2215 | rachelos WeRSS we-mp-rss up to 1.4.8 JWT core/auth.py SECRET_KEY default key

Post correlati

CVE-2024-26615 | Linux Kernel up to 6.8-rc1 smc rmb_desc null pointer dereference

CVE-2024-0854 | Synology DiskStation Manager prior 7.2.1-69057-2 File Access redirect (SA_24_02)

CVE-2024-27325 | Tracker Software PDF-XChange Editor EMF File Parser out-of-bounds

CVE-2025-47790 | Nextcloud Server up to 29.0.14/30.0.8/31.0.2 config.php remember_login_cookie_lifetime improper authentication (GHSA-9h3w-f3h4-qqrh)