Critical severity 10.0 · GHSA Advisory · Published May 14, 2026 · Updated May 15, 2026
CVE-2026-44523
Description
Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.
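A startup check of the kind the description says was missing, as an added example rather than Note Mark's own code or its 0.19.4 patch. The function name, the 32-byte floor, the distinct-byte heuristic and the use of the standard base64 alphabet are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

const (
	minSecretBytes   = 32 // assumed floor: 256 bits, the HMAC-SHA-256 output size
	minDistinctBytes = 16 // assumed, crude variety heuristic, not a true entropy measure
)

var (
	ErrNotBase64  = errors.New("JWT_SECRET is not valid base64")
	ErrTooShort   = errors.New("JWT_SECRET decodes to too few bytes")
	ErrLowVariety = errors.New("JWT_SECRET has too few distinct byte values")
)

// ValidateJWTSecret decodes the configured value and refuses weak keys at startup.
func ValidateJWTSecret(encoded string) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(encoded) // standard alphabet assumed
	if err != nil {
		return nil, ErrNotBase64
	}
	if len(key) < minSecretBytes {
		return nil, fmt.Errorf("%w: got %d, need %d", ErrTooShort, len(key), minSecretBytes)
	}
	seen := make(map[byte]struct{}, len(key))
	for _, b := range key {
		seen[b] = struct{}{}
	}
	if len(seen) < minDistinctBytes {
		return nil, fmt.Errorf("%w: %d distinct", ErrLowVariety, len(seen))
	}
	return key, nil
}

func main() {
	fresh := make([]byte, minSecretBytes)
	if _, err := rand.Read(fresh); err != nil {
		panic(err)
	}
	// Constructed inputs: the 1-byte case from the advisory, then a fresh CSPRNG key.
	for _, s := range []string{"QQ==", base64.StdEncoding.EncodeToString(fresh)} {
		_, err := ValidateJWTSecret(s)
		fmt.Printf("len(encoded)=%d accepted=%t err=%v\n", len(s), err == nil, err)
	}
}
```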
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/enchant97/note-mark/backend (Go) | < 0.0.0-20260501152247-18b587758667 | 0.0.0-20260501152247-18b587758667 |
References
- github.com/advisories/GHSA-q6mh-rqwh-g786 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-44523 (ghsa, ADVISORY)
- github.com/enchant97/note-mark/commit/18b58775866776ed400c403dd0ccad68c1fa4802 (ghsa, WEB)
- github.com/enchant97/note-mark/releases/tag/v0.19.4 (ghsa, WEB)
- github.com/enchant97/note-mark/security/advisories/GHSA-q6mh-rqwh-g786 (nvd, WEB)