VYPR
Critical severity10.0GHSA Advisory· Published May 14, 2026· Updated May 15, 2026

CVE-2026-44523

CVE-2026-44523

Description

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/enchant97/note-mark/backendGo
< 0.0.0-20260501152247-18b5877586670.0.0-20260501152247-18b587758667

Affected products

1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.