Skip to main content

Note Mark CVE-2026-44523

| EUVDEUVD-2026-30367 CRITICAL
Inadequate Encryption Strength (CWE-326)
2026-05-07 https://github.com/enchant97/note-mark GHSA-q6mh-rqwh-g786
10.0
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Source Code Evidence Fetched
May 07, 2026 - 21:46 vuln.today
Analysis Generated
May 07, 2026 - 21:46 vuln.today
CVE Published
May 07, 2026 - 21:08 nvd
CRITICAL 10.0

DescriptionGitHub Advisory

Summary

No minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte.

HS256 secrets below 32 bytes are brute-forceable offline, allowing attackers to recover the signing key and forge valid JWTs for arbitrary users.

---

Impact

An attacker who captures a single valid JWT (e.g, from cookies, logs, or network traffic) can:

\> Crack the signing secret offline using brute-force or wordlist attacks \> Forge valid JWTs for any user ID (including administrators) \> Authenticate without knowing any credentials

This results in full account takeover across the entire application with no server-side detection or rate limiting possible.

---

Details

In backend/config/utils.go, the Base64Decoded.UnmarshalText function decodes the JWT secret but does not validate its length or entropy.

In backend/core/auth.go, JWT tokens are signed using HS256 without enforcing minimum key size requirements.

According to RFC 7518 Section 3.2, HS256 keys must be at least 256 bits (32 bytes). Libraries such as PyJWT explicitly warn against shorter keys, but note-mark performs no such validation.

---

PoC

1- Deploy note-mark with a weak secret:

   JWT_SECRET = base64("testsecret123456789012345")

2- Register an account and capture the Auth-Session-Token cookie

3- Crack the secret offline (example using Python):

python
   import jwt, base64
   jwt.decode(TOKEN, base64.b64decode(SECRET), algorithms=["HS256"])

4- Forge a new token for any user UUID with extended expiry

5- Send the forged token in requests → server returns 200 Ok and authenticates as that user

---

Reproduction Steps

1- Deploy the application with a JWT secret shorter than 32 bytes (after base64 decoding) 2- Authenticate and capture a valid JWT 3- Perform offline brute-force or dictionary attack against the token signature 4- Recover the secret 5- Generate a forged JWT for another user 6- Use the forged token to access protected endpoints

---

Fix Recommendation

  • Enforce a minimum of 32 bytes (256 bits) for JWT secrets after base64 decoding
  • Reject weak secrets during configuration parsing (e.g., in Base64Decoded.UnmarshalText or config validation)
  • Optionally log warnings or fail startup if the secret is insecure

---

Resources

  • RFC 7518 Section 3.2 (JSON Web Algorithms - HMAC key size requirements)
  • CWE-326: Inadequate Encryption Strength
  • CWE-345: Insufficient Verification of Data Authenticity

---

AnalysisAI

JWT secret validation bypass in Note Mark allows full account takeover through offline token forgery. The Go-based note-taking application accepts HS256 signing secrets shorter than RFC 7518's required 32 bytes, enabling attackers to capture a single valid JWT from network traffic or logs, brute-force the weak secret offline, and forge authentication tokens for any user including administrators. Publicly available exploit code exists (vendor-published PoC in GitHub advisory GHSA-q6mh-rqwh-g786). Vendor-released patch available in commit 18b587758667 and release v0.19.4. CVSS 10.0 reflects unauthenticated network exploitation with scope change, though real-world impact requires JWT capture as a prerequisite.

Technical ContextAI

The vulnerability affects the JWT implementation in Note Mark's Go backend (pkg:go/github.com_enchant97_note-mark_backend). JWT (JSON Web Token) authentication uses cryptographic signatures to verify token authenticity without server-side session state. Note Mark implements HS256 (HMAC-SHA256), a symmetric signing algorithm where the same secret both signs and validates tokens. RFC 7518 Section 3.2 mandates minimum 256-bit (32-byte) keys for HS256 because shorter secrets are vulnerable to brute-force attacks - an attacker with a valid token can test billions of candidate secrets offline until finding one that produces a matching signature. The flaw maps to CWE-326 (Inadequate Encryption Strength) because config/utils.go's Base64Decoded.UnmarshalText function performs base64 decoding without length validation, and core/auth.go signs tokens with whatever key is provided. The patch adds a validate:"gte=32" constraint in config/config.go to enforce the 32-byte minimum during application startup, causing misconfigured deployments to fail safely rather than operate insecurely.

RemediationAI

Upgrade to Note Mark v0.19.4 or apply commit 18b587758667 from https://github.com/enchant97/note-mark/commit/18b58775866776ed400c403dd0ccad68c1fa4802. The patch adds validation requiring JWT_SECRET to decode to minimum 32 bytes, causing application startup to fail if the secret is weak. After upgrading, generate a new cryptographically strong secret (minimum 32 random bytes, base64-encoded) and update the JWT_SECRET environment variable - example: openssl rand -base64 32. Rotate the secret immediately if current value is under 32 bytes, as any previously issued tokens signed with the weak secret can be forged. Secret rotation invalidates all existing user sessions, requiring re-authentication. For unpatched systems awaiting upgrade, no effective workaround exists because the vulnerability is in core authentication logic - compensating controls (network segmentation, JWT expiry reduction) only limit attack surface but do not prevent token forgery if the secret is weak. Audit application logs for unexpected authentication patterns (admin logins from unusual IPs, token reuse across sessions) as potential indicators of forged tokens. Full advisory: https://github.com/enchant97/note-mark/security/advisories/GHSA-q6mh-rqwh-g786.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-44523 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy