CVE-2026-1114 - In parisneo/lollms version 2.1.0, the application's session management is…
🚨 CVE-2026-1114: In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret
refactor(config): use ASCIIColors for security logs · ParisNeo/lollms@a3b2b82
github.com
What This Means For You
- New vulnerability disclosed - verify if your stack is exposed.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-1114 | Auth Bypass | parisneo/lollms version 2.1.0, weak secret key for signing JWT, allows offline brute-force attack to recover secret |
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158260 |
| Published | April 07, 2026 at 10:26 UTC |
| Original Link | https://github.com/parisneo/lollms/commit/a3b2b82b84d537a... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.