13 matches found
CVE-2026-23996
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
CVE-2026-23996
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
CVE-2026-23996
CVE-2026-23996 concerns the FastAPI Api Key library. Version 1.1.0 is reported to expose a timing side-channel in verify_key(), where a random delay is applied only on verification failures. This enables an attacker to statistically distinguish valid from invalid API keys by measuring response la...
CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
CVE-2026-23996 FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys b...
Timing Attack
Overview: fastapi-api-key provides secure, production-ready API key management for FastAPI. It offers pluggable hashing strategies (Argon2 or bcrypt), backend-agnostic persistence (currently SQLAlchemy), and an optional cache layer (aiocache). Includes a Typer CLI and a FastAPI rout...
GHSA-95C6-P277-P87G FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
Impact: Timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...
FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection
Impact: Timing side-channel vulnerability in verify_key. The method applied a random delay only on verification failures, allowing an attacker to statistically distinguish valid from invalid API keys by measuring response latencies. With enough repeated requests, an adversary could infer whether a...
FastAPI API Key security vulnerability
The FastAPI API Key is a secure key store developed by Athroniaeth’s individual developers. There is a security vulnerability in the FastAPI API Key version 1.1.0; this vulnerability stems from a timing side channel in the verify_key method, which may allow attackers to infer the validity of the A...
PT-2026-3874
Name of the Vulnerable Software and Affected Versions: FastAPI Api Key versions prior to 1.1.0. Description: The verify_key function in FastAPI Api Key contains a timing side-channel that allows an attacker to differentiate between valid and invalid API keys by measuring response latencies. The meth...
UBUNTU-CVE-2025-22874
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...
EARCLINK ESPCMS SQL Injection Vulnerability
EARCLINK ESPCMS is an enterprise building system from China Honghu Erchuang Netlink Information Technology Co. A SQL injection vulnerability exists in the installpack/espcmspublic/espcmsdb.php file in the P8 version of EARCLINK ESPCMS, which can be exploited to execute arbitrary SQL commands ...