rachelos WeRSS we-mp-rss JWT auth.py default key_CVE-2026-2215

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used.

Basic Information

ID CVE-2026-2215

Source VulDB

Published Feb 9, 2026 at 04:32

Affected Product

Vendor rachelos

Product WeRSS we-mp-rss

Version 1.4.0

Affected Versions rachelos WeRSS we-mp-rss 1.4.0
rachelos WeRSS we-mp-rss 1.4.1
rachelos WeRSS we-mp-rss 1.4.2
rachelos WeRSS we-mp-rss 1.4.3
rachelos WeRSS we-mp-rss 1.4.4
rachelos WeRSS we-mp-rss 1.4.5
rachelos WeRSS we-mp-rss 1.4.6
rachelos WeRSS we-mp-rss 1.4.7
rachelos WeRSS we-mp-rss 1.4.8

CWE Classification

CWE-1394

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. This issue affects some unknown processing of the file core/auth.py of the component JWT Handler. Performing a manipulation of the argument SECRET_KEY results in use of default cryptographic key. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used.",
    "published": "2026-02-09T04:32:06.678Z",
    "modified": "2026-02-09T04:32:06.678Z",
    "type": "cve",
    "title": "rachelos WeRSS we-mp-rss JWT auth.py default key",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344932\nhttps://vuldb.com/?ctiid.344932\nhttps://vuldb.com/?submit.752756\nhttps://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b",
    "id": "CVE-2026-2215",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1394"
    ],
    "cvelist": null,
    "sourceData": "rachelos WeRSS we-mp-rss 1.4.0\nrachelos WeRSS we-mp-rss 1.4.1\nrachelos WeRSS we-mp-rss 1.4.2\nrachelos WeRSS we-mp-rss 1.4.3\nrachelos WeRSS we-mp-rss 1.4.4\nrachelos WeRSS we-mp-rss 1.4.5\nrachelos WeRSS we-mp-rss 1.4.6\nrachelos WeRSS we-mp-rss 1.4.7\nrachelos WeRSS we-mp-rss 1.4.8",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WeRSS we-mp-rss",
    "version": "1.4.0",
    "vendor": "rachelos",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}