CVE-2026-0622
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-02-03
Assigner: CERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | up to 2.7.6 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Open5GS occurs because the WebUI uses a hard-coded default JWT signing key ('change-me') whenever the environment variable JWT_SECRET_KEY is not set. Since the documentation does not inform users about the need to set this environment variable, many installations may unknowingly use this weak default key. This allows attackers to potentially forge JWT tokens or reverse engineer passwords, compromising the security of the system. [1, 3]
How can this vulnerability impact me?
If the JWT_SECRET_KEY environment variable is not set, the system uses a predictable, hard-coded secret key. This can allow attackers to spoof JWT tokens, gain unauthorized access, or reverse engineer passwords, leading to potential unauthorized control or data exposure within the Open5GS system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if the environment variable JWT_SECRET_KEY is set on your Open5GS WebUI server. If it is unset or empty, the system uses the default insecure hard-coded key 'change-me'. For example, on the server running Open5GS, run the command: `echo $JWT_SECRET_KEY`. If the output is empty or 'change-me', your system is vulnerable. Additionally, inspecting the running process environment or configuration files for the presence and value of JWT_SECRET_KEY can help detect this issue. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediately set the environment variable JWT_SECRET_KEY to a strong, random secret value before starting the Open5GS WebUI service. This prevents the system from falling back to the default insecure key 'change-me'. Restart the Open5GS service after setting this variable to ensure the new secret is used. Avoid using default or predictable secret keys. Monitoring for updates or patches that replace the default key with randomized secrets is also recommended. [1, 2, 3]
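As an added example, not code from the advisory or from the Open5GS project, the following Python script implements the two checks described in the detection and mitigation answers above: it classifies the JWT_SECRET_KEY setting the WebUI would see, and it tests whether an HS256 token observed from a WebUI verifies under the hard-coded default key 'change-me', which indicates the service is running on the default. The 32-character strength threshold and the constructed test-fixture token are assumptions, not values from the advisory.

```python
import base64
import hashlib
import hmac
import json
import os

# Key the Open5GS WebUI falls back to when JWT_SECRET_KEY is unset (from the advisory text).
DEFAULT_JWT_SECRET = "change-me"

def b64url_decode(part: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_jwt_secret(env: dict) -> str:
    """Classify the JWT_SECRET_KEY setting as 'missing', 'default', 'weak' or 'ok'."""
    secret = env.get("JWT_SECRET_KEY", "")
    if not secret:
        return "missing"  # WebUI silently falls back to 'change-me'
    if secret == DEFAULT_JWT_SECRET:
        return "default"
    if len(secret) < 32:  # assumed threshold; the advisory only asks for a strong random value
        return "weak"
    return "ok"

def signed_with_default_key(token: str) -> bool:
    """True if an HS256 JWT verifies under the default key, i.e. the issuing WebUI uses it."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return False  # malformed token (bad segment count, base64 or JSON)
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(DEFAULT_JWT_SECRET.encode(), signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

def make_test_token(secret: str) -> str:
    """Constructed HS256 fixture for exercising the detector; not a real WebUI token."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": "test-user"}).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

if __name__ == "__main__":
    print("JWT_SECRET_KEY status:", check_jwt_secret(dict(os.environ)))
```

Run the script in the same environment the WebUI service starts from (for example via the unit's environment), since a variable exported only in an interactive shell does not reach the service.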