CVE-2026-1114 β In parisneo/lollms version 2.1.0, the application's session management isβ¦
Image via opengraph.githubassets.com
π¨ CVE-2026-1114 In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to the use of a weak secret key for signing JSON Web Tokens (JWT). This vulnerability allows an attacker to perform an offline brute-force attack to recover the secret
What This Means For You
- New vulnerability disclosed β verify if your stack is exposed.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-1114 | Auth Bypass | parisneo/lollms version 2.1.0, weak secret key for signing JWT, allows offline brute-force attack to recover secret |
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Published | April 07, 2026 at 10:26 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
WordPress Ditty Plugin: Authorization Bypass Exposes Non-Public Content
CVE-2026-9011 β The Ditty β Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...
CVE-2026-8692 β The Vedrixa Forms β User Registration Form, Signup Form &
CVE-2026-8692 β The Vedrixa Forms β User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass...
CVE-2026-8684 β The MotoPress Hotel Booking plugin for WordPress is
CVE-2026-8684 β The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due...