CVE-2026-42869 - Vulnerability Analysis
Severity: Critical | CVSS: 10.0 | Last Updated: May 12, 2026
SOCFortress CoPilot - Authentication Bypass
Overview
SOCFortress CoPilot versions before 0.1.57 contain a broken-authentication flaw (CWE-287). When the JWT_SECRET environment variable is not set, backend/app/auth/utils.py falls back to a hardcoded JWT signing secret, and the same fallback value is present in .env.example. Because that fallback is public, an unauthenticated attacker who can reach the API can sign their own admin-scoped JWTs and gain full control of the application. Exploitation requires that the deployment left JWT_SECRET unset, so the hardcoded fallback is the key actually in use.
Severity & Score
Impact
Unauthenticated attackers can forge admin JWTs, gaining full control over the application and managed security tools.
Mitigation
Update to version 0.1.57 or later and set JWT_SECRET to a unique, randomly generated value in every deployment. The bypass applies only when JWT_SECRET is unset, so an instance that cannot upgrade immediately should set the variable now rather than wait. Any token signed with the fallback secret should be treated as attacker-forgeable; rotating to a fresh secret invalidates such tokens along with all legitimate sessions, which is the intended effect.
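The following is an added illustration written for this page, not code from the CoPilot project. It models the pattern described in the Overview and Mitigation above: a settings loader that silently falls back to a committed default when JWT_SECRET is unset, the hardened loader that fails closed instead, and the forged admin token an attacker produces once the fallback is known. The fallback value, the claim names and the function names are all hypothetical; the real default from the affected release is deliberately not reproduced. HS256 signing is implemented with the standard library so the example runs without PyJWT.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Optional

# Hypothetical fallback value standing in for the committed default;
# the real secret from the affected release is not reproduced here.
EXAMPLE_FALLBACK_SECRET = "change-me-example-fallback"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_hs256(payload: dict, secret: str) -> str:
    """Minimal HS256 JWT encoder (header.payload.signature, base64url)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def decode_hs256(token: str, secret: str) -> dict:
    """Verify signature, algorithm and expiry; raise ValueError on any failure."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # never accept "none" or an attacker-chosen alg
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p))
    if "exp" in payload and payload["exp"] < time.time():
        raise ValueError("expired")
    return payload


def vulnerable_secret(env: Dict[str, str]) -> str:
    """The weak pattern: fall back to a public default when JWT_SECRET is unset."""
    return env.get("JWT_SECRET") or EXAMPLE_FALLBACK_SECRET


def hardened_secret(env: Dict[str, str]) -> str:
    """Fail closed: no secret, the example secret, or a short secret aborts startup."""
    secret = env.get("JWT_SECRET")
    if not secret:
        raise RuntimeError("JWT_SECRET is not set; refusing to start")
    if secret == EXAMPLE_FALLBACK_SECRET:
        raise RuntimeError("JWT_SECRET is the example value; set a unique one")
    if len(secret) < 32:
        raise RuntimeError("JWT_SECRET is too short; use at least 32 random bytes")
    return secret


def forge_admin_token(known_secret: str) -> str:
    """What an unauthenticated attacker does once the fallback secret is known."""
    claims = {"sub": "admin", "scopes": ["admin"], "exp": int(time.time()) + 3600}
    return encode_hs256(claims, known_secret)


def verify_with(env: Dict[str, str], token: str,
                load_secret: Callable[[Dict[str, str]], str]) -> Optional[dict]:
    """Return the claims if the server (configured by env) would accept the token."""
    try:
        return decode_hs256(token, load_secret(env))
    except (RuntimeError, ValueError):
        return None


if __name__ == "__main__":
    forged = forge_admin_token(EXAMPLE_FALLBACK_SECRET)
    print("unset JWT_SECRET, vulnerable loader:", verify_with({}, forged, vulnerable_secret))
    print("unset JWT_SECRET, hardened loader: ", verify_with({}, forged, hardened_secret))
    print("JWT_SECRET set, vulnerable loader:  ",
          verify_with({"JWT_SECRET": "x" * 40}, forged, vulnerable_secret))
```

The forged token is accepted only in the first case: the vulnerable loader with JWT_SECRET unset. Setting the variable defeats the forgery even with the vulnerable loader, which is why the mitigation above works on unpatched instances, and the hardened loader additionally refuses to start when the variable is missing or still holds the example value, so the misconfiguration is caught at deploy time rather than discovered by an attacker.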
References
Social Media Activity (2 posts)
🚨 CVE-2026-42869 (CRITICAL): socfortress CoPilot <0.1.57 uses a hardcoded JWT secret, letting attackers forge admin tokens and seize control. Upgrade to 0.1.57+ and set JWT_SECRET securely! Details: https://radar.offseq.com/threat/cve-2026-42869-cwe-287-improper-authentication-in--a2c3bf34 #OffSeq #Vuln #CVE #InfoSec
Related Resources
Details
- CVE ID: CVE-2026-42869
- Severity: Critical
- CVSS Score: 10.0
- Type: broken_authentication
- Status: new
- EPSS: 11.9%
- Social Posts: 2
CWE
- CWE-287 (Improper Authentication)
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (network-reachable, low attack complexity, no privileges or user interaction required, scope changed, high confidentiality, integrity and availability impact)