CVE-2026-39031

CVSS 5.5 MEDIUMEPSS 0.1%CWE-321

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 5.5EPSS 0.1%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

22 Jun 2026Public PoC

26 Jun 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character prefix is stored in cleartext alongside the ciphertext. This allows an attacker with local access to recover any encrypted password to plaintext using a single SHA-1 hash and RC4 decryption operation, with no brute force required.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · n/a

public PoCs found — 1

githubgithub.com/user6400/cve-2026-39031-lansweeper-lsrunase2-lsencrypt2★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/user6400/cve-2026-39031-lansweeper-lsrunase2-lsencrypt2 https://usermode.net/cve/lansweeper_lsrunase2_lsencrypt2_cve.pdf