CVE-2026-25726
Predictable PRNG in Cloudreve Allows JWT Forgery and Takeover
Publication date: 2026-04-03
Last updated on: 2026-04-13
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cloudreve | cloudreve | to 4.13.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-338 | The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25726 is a high-severity vulnerability in Cloudreve, a self-hosted file management system, affecting versions prior to 4.13.0. The issue stems from the use of a weak pseudo-random number generator (PRNG) based on Go's math/rand package seeded with the system time at startup to generate critical security secrets like secret_key and hash_id_salt.
An attacker can obtain the administrator's account creation time through public API endpoints, which narrows down the possible PRNG seed values. By brute-forcing the seed (which can take less than 3 hours on a consumer PC) and validating guesses using known hash IDs, the attacker can recover the secret_key.
With the recovered secret_key, the attacker can forge valid JSON Web Tokens (JWTs) for any user, including administrators, enabling full account takeover and privilege escalation.
This vulnerability is patched in Cloudreve version 4.13.0 by replacing the weak PRNG with a cryptographically secure random number generator and rotating the secret keys.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Cloudreve allows an attacker to predict critical security secrets and forge valid JSON Web Tokens (JWTs), leading to full account takeover and privilege escalation, including administrator accounts.
Such unauthorized access and privilege escalation can lead to exposure or manipulation of sensitive data, which may violate data protection requirements under common standards and regulations like GDPR and HIPAA.
Specifically, the compromise of authentication tokens and potential data breaches could result in non-compliance with confidentiality, integrity, and availability requirements mandated by these regulations.
Therefore, until patched or mitigated, this vulnerability poses a significant risk to compliance with standards that require strong access controls and protection of sensitive information.
How can this vulnerability impact me? :
This vulnerability allows an attacker to predict critical security secrets and forge valid authentication tokens for any user, including administrators.
As a result, an attacker can fully take over user accounts, escalate privileges, and gain unauthorized access to sensitive data and administrative functions within the Cloudreve system.
This can lead to data breaches, unauthorized data modification, and disruption of service availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying if your Cloudreve instance is running a version prior to 4.13.0 and if it uses the weak pseudo-random number generator seeded with time.Now().UnixNano() to generate critical secrets such as secret_key and hash_id_salt.
You can check the Cloudreve version by running a command on the server hosting Cloudreve, for example:
- cloudreve --version
Additionally, to detect if the vulnerable secrets are still in use, you can inspect the database for the secret_key and hash_id_salt values. Since the vulnerability involves the initial seeding time, you can also query the administrator account creation time via the public API endpoints to assess exposure.
No specific detection commands are provided, but manual inspection of the version and database secrets, combined with checking the administrator account creation timestamp via API, can help identify vulnerable instances.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Cloudreve to version 4.13.0 or later, which patches the vulnerability by replacing the weak PRNG with a cryptographically secure random number generator and automatically rotates the secret_key.
If upgrading immediately is not possible, you should manually rotate the critical secrets by performing the following steps:
- Stop the Cloudreve service.
- Replace the secret_key in the database with a long, random string generated securely, for example using the command: openssl rand -base64 64
- Restart the Cloudreve service.
Note that rotating the secret_key will log out all active users.