← voltar
CVE-2026-29023

Keygraph Shannon Hard-coded Router API Key

CVSS 6.9 MEDIUMEPSS 0.2%CWE-798
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.9EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 mar 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instance using the victim’s configured upstream provider API credentials, resulting in unauthorized API usage and potential disclosure of proxied request and response data. This vulnerability's general exploitability has been mitigated with the introduction of commit 023cc95.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Produtos afetados
KeygraphHQ · Shannon

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →