Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0070

NIXPKGS-2026-0070

GitHub issue published on

Permalink CVE-2026-0622

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

updated 3 months, 1 week ago by @LeSuisse Activity log

Created suggestion 3 months, 1 week ago
@LeSuisse ignored package open5gs-webui 3 months, 1 week ago
@LeSuisse accepted 3 months, 1 week ago
@LeSuisse published on GitHub 3 months, 1 week ago

Open 5GS WebUI uses a hard-coded JWT signing key

Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset

References

Affected products

open5GS

=<2.7.6

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Ignored packages (1)

pkgs.open5gs-webui

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Package maintainers

@Bot-wxt1221 Bot-wxt1221 <3264117476@qq.com>

Unmerged upstream PR: https://github.com/open5gs/open5gs/pull/857