CNNVD-202601-3328 Information

Jan 21, 2026 cve

CNNVD ID

CNNVD-202601-3328

CVE-2026-23996

CNNVD Published: 2026-01-21

Description (Chinese)

FastAPI Api Key是Athroniaeth个人开发者的一个安全密钥库。 FastAPI Api Key 1.1.0版本存在安全漏洞，该漏洞源于verify_key方法存在时序侧信道，可能导致攻击者通过测量响应延迟来推断API密钥的有效性。

Description (English)

FastAPI Api Key is a security key bank for Athroniaeth personal developers. There is a security loophole in version FastAPI Api Key 1.1.0, which stems from the time-sequenced channel of the Verify key method, which may lead the attackers to infer the validity of the API key by measuring the delay in the response.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/Athroniaeth/fastapi-api-key/releases/tag/1.1.0 https://github.com/Athroniaeth/fastapi-api-key/commit/310b2c5c77305f38c63c0b917539a0344071dfd8 https://github.com/Athroniaeth/fastapi-api-key/security/advisories/GHSA-95c6-p277-p87g https://access.redhat.com/security/cve/cve-2026-23996

Share on: