{"data":{"id":"3aba4dda-acf0-402d-98c9-e6b2a57cd3c1","title":"CVE-2026-42869: SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57,","summary":"SOCFortress CoPilot, a security operations management tool, has a critical flaw in versions before 0.1.57 where it uses a hardcoded JWT signing secret (a fixed password used to create secure authentication tokens) as a fallback. If users don't manually set their own JWT_SECRET, the application uses this publicly known secret, allowing attackers to forge fake admin tokens and take complete control without needing real credentials. This vulnerability is fixed in version 0.1.57.","solution":"Update SOCFortress CoPilot to version 0.1.57 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42869","publishedAt":"2026-05-11T20:25:43.347Z","cveId":"CVE-2026-42869","cweIds":["CWE-287","CWE-522","CWE-798"],"cvssScore":"10","cvssSeverity":"critical","severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["SOCFortress CoPilot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-11T20:25:43.347Z","capecIds":["CAPEC-114"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}