Note Mark: OIDC-registered users authenticated by submitting password “null”

9.4 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: "null" to the internal login endpoint receives a valid session for that user. The bypass is unauthenticated and requires no user interaction. This issue has been patched in version 0.19.3.

AI Analysis

Unauthenticated password bypass vulnerability in Note Mark note-taking application

Basic Information

ID CVE-2026-41571

Source GitHub_M

Published May 4, 2026 at 17:42

Affected Product

Vendor enchant97

Product note-mark

Version = 0.19.2

Affected Versions enchant97 note-mark = 0.19.2

CWE Classification

CWE-287

AI Assessment

AI Score 9.4 / 10

AI Severity Critical

Vendor enchant97

Product Note Mark

Version 0.19.2

References

{
    "lastseen": "",
    "description": "Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt(\"null\") placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits password: \"null\" to the internal login endpoint receives a valid session for that user. The bypass is unauthenticated and requires no user interaction. This issue has been patched in version 0.19.3.",
    "published": "2026-05-04T17:42:32.428Z",
    "modified": "2026-05-04T17:42:32.428Z",
    "type": "cve",
    "title": "Note Mark: OIDC-registered users authenticated by submitting password \"null\"",
    "source": "GitHub_M",
    "references": "https://github.com/enchant97/note-mark/security/advisories/GHSA-pxf8-6wqm-r6hh\nhttps://github.com/enchant97/note-mark/releases/tag/v0.19.3",
    "id": "CVE-2026-41571",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "enchant97 note-mark = 0.19.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.4,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "note-mark",
    "version": "= 0.19.2",
    "vendor": "enchant97",
    "ai_description": "Unauthenticated password bypass vulnerability in Note Mark note-taking application",
    "ai_severity": "Critical",
    "ai_vendor": "enchant97",
    "ai_product": "Note Mark",
    "ai_version": "0.19.2",
    "ai_score": 9.4
}

Note Mark: OIDC-registered users authenticated by submitting password “null”_CVE-2026-41571