CVE-2026-42869
CriticalSummary
In versions prior to 0.1.57, SOCFortress CoPilot contained a hardcoded JWT signing secret, allowing attackers to forge admin-scoped tokens. If JWT_SECRET is not set, all authentication tokens are signed with this publicly known key.
Risk Assessment
An unauthenticated attacker can gain full control over the application and all security tools it manages, posing a serious threat to the organization's security.
Recommendation
It is recommended to upgrade to version 0.1.57 or later and ensure that JWT_SECRET is always explicitly set in the configuration.
Original NVD description (English source)
SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Prior to 0.1.57, SOCFortress CoPilot ships a hardcoded JWT signing secret as a fallback value in backend/app/auth/utils.py:28 and ships it verbatim in .env.example. Any deployment where JWT_SECRET is not explicitly set — including the default Docker Compose setup — signs all authentication tokens with this publicly known value. An unauthenticated attacker can forge arbitrary admin-scoped JWTs and gain full control of the application and every security tool it manages without any credentials. This vulnerability is fixed in 0.1.57.

