Vulnerabilities

CVE-2026-23958 - DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Passw...

2026-01-22 0 views admin
CVE-2026-23958 - DataEase Vulnerable to Brute-Force Attack on Admin JWT Secret Derived from Passw...

CVE ID : CVE-2026-23958 Published : Jan. 22, 2026, 2:15 a.m. | 1 hour, 30 minutes ago Description : Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints that verify JWT tokens. The vulnerability has been fixed in v2.10.19. No known workarounds are available. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
Jan. 22, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-23958high

More from Vulnerabilities

CVE-2026-23957 - seroval is vulnerable to Denial of Service via array serialization

CVE-2026-23957 - seroval is vulnerable to Denial of Service via array serialization

2026-01-22 0
CVE-2026-23956 - seroval affected by Denial of Service via RegExp serialization

CVE-2026-23956 - seroval affected by Denial of Service via RegExp serialization

2026-01-22 0
CVE-2026-23699 - A10 Networks OS Command Injection Vulnerability

CVE-2026-23699 - A10 Networks OS Command Injection Vulnerability

2026-01-22 0
CVE-2026-24034 - Horilla has File Upload XSS

CVE-2026-24034 - Horilla has File Upload XSS

2026-01-22 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views