Skip to main content

Rejetto HFS CVE-2026-61500

CRITICAL
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
2026-07-13 VulnCheck
9.3
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Network, unauthenticated (PR:N/UI:N) path to admin RCE gives C/I/A High; AC:H reflects the sampling and PRNG-state reconstruction needed to recover the key.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
Jul 13, 2026 - 19:26 vuln.today
Analysis Generated
Jul 13, 2026 - 19:26 vuln.today
CVE Published
Jul 13, 2026 - 17:21 cve.org
CRITICAL 9.3

DescriptionCVE.org

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random() generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's state, recover the signing key, and forge a valid administrator session cookie, leading to full administrative access and remote code execution via the server_code configuration feature.

AnalysisAI

Administrator session forgery in Rejetto HFS (HTTP File Server) versions 3.0.0 through 3.2.0 lets a remote unauthenticated attacker derive the server's session-cookie signing key. Because HFS seeds that key from JavaScript's non-cryptographic Math.random() and simultaneously leaks outputs of the same generator to clients during login, an attacker can sample a few login responses, reconstruct the PRNG state, and mint a valid admin cookie - yielding full administrative control and remote code execution through the server_code configuration feature. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Reach exposed HFS login endpoint
Delivery
Collect leaked Math.random() outputs from login responses
Exploit
Reconstruct PRNG state and recover signing key
Install
Forge signed administrator session cookie
C2
Authenticate as admin
Execute
Abuse server_code feature for command execution
Impact
Full host compromise (RCE)

Vulnerability AssessmentAI

Exploitation Exploitation requires that the HFS instance (versions 3.0.0-3.2.0) be network-reachable and that its login endpoint be accessible to the attacker, because the attack depends on collecting the Math.random() outputs disclosed in login responses to reconstruct the signing key. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H, score 9.3) rates this critical with no authentication and full confidentiality/integrity/availability impact, consistent with unauthenticated forgery leading to RCE. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet-exposed HFS 3.x login page sends a small number of unauthenticated login requests and records the Math.random()-derived values leaked in the responses. Using those samples they reconstruct the generator's internal state offline, regenerate the session-cookie signing key, and forge a signed administrator cookie; presenting that cookie grants full admin access, after which they use the server_code configuration feature to execute arbitrary commands on the host. …
Remediation Vendor-released patch: 3.2.1 - upgrade every HFS instance to v3.2.1 or later immediately, as it addresses multiple session/authentication weaknesses affecting all prior 3.x versions (https://github.com/rejetto/hfs/releases/tag/v3.2.0...v3.2.1 changelog; release: https://github.com/rejetto/hfs/releases/tag/v3.2.1). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all Rejetto HFS instances on your network and determine which are running versions 3.0.0-3.2.0; immediately isolate or disable external network access to affected servers. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-61500 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy