CNNVD-202602-1374 Information

CNNVD ID

CNNVD-202602-1374

CVE-2026-2215

  • CNNVD Published: 2026-02-09

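Description (translated from Chinese)

WeRSS is an open-source WeChat official account system by Rachel. WeRSS 1.4.8 and earlier contain a security vulnerability that stems from improper handling of the SECRET_KEY parameter in the file core/auth.py of the JWT Handler component, which may lead to the use of a default encryption key.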

Description (English)

WeRSS is an open-source WeChat official account system from Rachel. WeRSS 1.4.8 and previous versions have a security vulnerability, which stems from incorrect handling of the SECRET_KEY parameter in the file core/auth.py of the JWT Handler component and may lead to the use of the default encryption key.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

Rachel

Published

2026-02-09

Last Modified

2026-02-24

References

  • https://vuldb.com/?id.344932
  • https://vuldb.com/?submit.752756
  • https://www.notion.so/WeRSS-Weak-JWT-Key-Leading-to-Authentication-Bypass-2feea92a3c41803faadae58327facd7b
  • https://vuldb.com/?ctiid.344932
  • https://access.redhat.com/security/cve/cve-2026-2215
