6 matches found
CVE-2026-42869
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWTSECR...
CVE-2026-42869 SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWTSECR...
CVE-2026-42869 SOCFortress CoPilot: Hardcoded JWT secret allows unauthenticated full admin compromise and lateral movement into all integrated SOC tools
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWTSECR...
PT-2026-39734
Name of the Vulnerable Software and Affected Versions SOCFortress CoPilot versions prior to 0.1.57 Description The application contains a hardcoded JSON Web Token JWT signing secret used as a fallback value in the backend/app/auth/utils.py file and the .env.example file. In deployments where the...
PYSEC-2024-8
The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...
CVE-2024-23732
The JSON loader in Embedchain before 0.1.57 allows a ReDoS regular expression denial of service via a long string to json.py...