CVE-2026-3963 perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key

🗓️ 11 Mar 2026 23:02:08Reported by VulDBType

Flaw in perfree go-fastdfs-web up to 1.3.7 allows remote attack via hard-coded Shiro RememberMe key.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-3963	11 Mar 202623:02	–	attackerkb
Circl	CVE-2026-3963	11 Mar 202622:16	–	circl
CNNVD	go-fastdfs-web 安全漏洞	11 Mar 202600:00	–	cnnvd
CVE	CVE-2026-3963	11 Mar 202623:02	–	cve
EUVD	EUVD-2026-11485	12 Mar 202600:31	–	euvd
NVD	CVE-2026-3963	11 Mar 202623:16	–	nvd
Positive Technologies	PT-2026-24894	11 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-3963	26 Mar 202615:18	–	redhatcve
Vulnrichment	CVE-2026-3963 perfree go-fastdfs-web Apache Shiro RememberMe ShiroConfig.java rememberMeManager hard-coded key	11 Mar 202623:02	–	vulnrichment

[
  {
    "vendor": "perfree",
    "product": "go-fastdfs-web",
    "versions": [
      {
        "version": "1.3.0",
        "status": "affected"
      },
      {
        "version": "1.3.1",
        "status": "affected"
      },
      {
        "version": "1.3.2",
        "status": "affected"
      },
      {
        "version": "1.3.3",
        "status": "affected"
      },
      {
        "version": "1.3.4",
        "status": "affected"
      },
      {
        "version": "1.3.5",
        "status": "affected"
      },
      {
        "version": "1.3.6",
        "status": "affected"
      },
      {
        "version": "1.3.7",
        "status": "affected"
      }
    ],
    "modules": [
      "Apache Shiro RememberMe"
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
notion	www.notion.so/go-fastdfs-web-Hardcoded-Apache-Shiro-Cipher-Key-reach-RCE-313ea92a3c41806fae44dffe53e69751

11 Mar 2026 23:02Current

CVSS 22.6

CVSS 3.13.7

CVSS 33.7

CVSS 46.3

EPSS0.00044