CVE-2026-39031
Received - Intake
Hardcoded RC4 Key Encryption in Lansweeper lsrunase and lsencrypt

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: MITRE

Description
Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover the plaintext of any encrypted password using a single SHA-1 hash and RC4 decryption operation, with no brute force required.

Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-27
AI Q&A: 2026-06-27
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor      Product    Version / Range
lansweeper  lsrunase   2.0
lansweeper  lsencrypt  2.0

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability affects Lansweeper lsrunase 2.0 and lsencrypt 2.0, which use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials.

An 8-character prefix is stored in cleartext alongside the ciphertext, which allows an attacker with local access to recover the plaintext of any encrypted password.

The recovery requires only a single SHA-1 hash and RC4 decryption operation, with no brute force needed.

Impact Analysis

An attacker with local access can recover encrypted passwords in plaintext without needing to perform brute force attacks.

This compromises the confidentiality of stored credentials, potentially allowing unauthorized access to systems or data protected by those credentials.
