Submit #711519: https://github.com/PandaXGO https://github.com/PandaXGO/PandaX before commit fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 (As of December 10, 2025) Authentication Bypass by Primary Weaknessinfo

Titlehttps://github.com/PandaXGO https://github.com/PandaXGO/PandaX before commit fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 (As of December 10, 2025) Authentication Bypass by Primary Weakness
DescriptionPandaX uses a hard-coded JWT authentication key, and the authentication field logic in the authentication mechanism is insecure, allowing attackers to easily forge super administrator credentials and take over the entire system.
Source⚠️ https://github.com/PandaXGO/PandaX/issues/9
User
 28Hus (UID 92415)
Submission12/10/2025 04:22 (6 months ago)
Moderation12/27/2025 00:10 (17 days later)
StatusAccepted
VulDB entry338479 [PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5 JWT Secret config.yml key hard-coded key]
Points16

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!