CVE-2026-2215

🗓️ 09 Feb 2026 04:32:06Reported by VulDBType

Remote exploit in rachelos WeRSS up to 1.4.8 allows default cryptographic key when SECRET_KEY is manipulated.

Reporter	Title	Published	Views	Family All 7
ATTACKERKB	CVE-2026-2215	9 Feb 202604:32	–	attackerkb
CNNVD	WeRSS 安全漏洞	9 Feb 202600:00	–	cnnvd
Cvelist	CVE-2026-2215 rachelos WeRSS we-mp-rss JWT auth.py default key	9 Feb 202604:32	–	cvelist
NVD	CVE-2026-2215	9 Feb 202605:16	–	nvd
Positive Technologies	PT-2026-7067	9 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-2215	10 Feb 202607:33	–	redhatcve
Vulnrichment	CVE-2026-2215 rachelos WeRSS we-mp-rss JWT auth.py default key	9 Feb 202604:32	–	vulnrichment

Vulners

Node

rachelos werss_we-mp-rssMatch1.4.0

rachelos werss_we-mp-rssMatch1.4.1

rachelos werss_we-mp-rssMatch1.4.2

rachelos werss_we-mp-rssMatch1.4.3

rachelos werss_we-mp-rssMatch1.4.4

rachelos werss_we-mp-rssMatch1.4.5

rachelos werss_we-mp-rssMatch1.4.6

rachelos werss_we-mp-rssMatch1.4.7

rachelos werss_we-mp-rssMatch1.4.8

[
  {
    "vendor": "rachelos",
    "product": "WeRSS we-mp-rss",
    "versions": [
      {
        "version": "1.4.0",
        "status": "affected"
      },
      {
        "version": "1.4.1",
        "status": "affected"
      },
      {
        "version": "1.4.2",
        "status": "affected"
      },
      {
        "version": "1.4.3",
        "status": "affected"
      },
      {
        "version": "1.4.4",
        "status": "affected"
      },
      {
        "version": "1.4.5",
        "status": "affected"
      },
      {
        "version": "1.4.6",
        "status": "affected"
      },
      {
        "version": "1.4.7",
        "status": "affected"
      },
      {
        "version": "1.4.8",
        "status": "affected"
      }
    ],
    "modules": [
      "JWT Handler"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
notion	www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
vuldb	www.vuldb.com/

29 Apr 2026 01:00Current

4.7Medium risk

Vulners AI Score4.7

CVSS 22.6

CVSS 3.13.7

CVSS 46.3

CVSS 33.7

EPSS0.00044

SSVC

CWE-1394

remote exploit rachelos werss we mp rss default key secret key manipulation json web token web token handler