CVE-2026-44523
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Summary
Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| enchant97 | note-mark | < 0.19.4 | affected |
Weaknesses
- CWE-326: CWE-326: Inadequate Encryption Strength
- CWE-345: CWE-345: Insufficient Verification of Data Authenticity
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.