Submit #711519: https://github.com/PandaXGO https://github.com/PandaXGO/PandaX before commit fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 (As of December 10, 2025) Authentication Bypass by Primary Weakness

Title: https://github.com/PandaXGO https://github.com/PandaXGO/PandaX before commit fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 (As of December 10, 2025) Authentication Bypass by Primary Weakness
Description: PandaX uses a hard-coded JWT authentication key, and the authentication field logic in the authentication mechanism is insecure, allowing attackers to easily forge super administrator credentials and take over the entire system.
Source: https://github.com/PandaXGO/PandaX/issues/9
User: 28Hus (UID 92415)
Submission: 12/10/2025 04:22 AM (3 months ago)
Moderation: 12/27/2025 12:10 AM (17 days later)
Status: Accepted
VulDB entry: 338479 [PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 JWT Secret config.yml key hard-coded key]
Points: 16
