CNNVD-202601-009 Information

CNNVD ID

CNNVD-202601-009

Related CVE

CVE-2025-68620

• CNNVD Published: 2026-01-01

Description (Chinese)

Signal K Server是Signal K开源的一个船用中央服务器。 Signal K Server 2.19.0之前版本存在安全漏洞，该漏洞源于未经验证的WebSocket请求枚举和令牌轮询功能可被链接利用，可能导致身份验证完全绕过。

Description (English)

Signal K Server is a central shipping server for Signal K Open Source. There was a security loophole in the previous version of Signal K Server 2.19.0, which originated from unverified WebSocket requests for the Quicking and Questing function that could be linked and could lead to a complete circumvention of identification.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Signal K

Published

2026-01-01

Last Modified

2026-02-24

References

https://github.com/SignalK/signalk-server/releases/tag/v2.19.0 https://github.com/SignalK/signalk-server/security/advisories/GHSA-fq56-hvg6-wvm5

Patch

https://github.com/SignalK/signalk-server/releases