GO-2025-4269
PUBLISHED
SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key in github.com/actiontech/sqle
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | actiontech/sqle | 0, 0 |
Timeline
- Jan 12, 2026 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/advisories/GHSA-43h9-hc38-qph5 (advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2025-15107 (advisory)
- https://github.com/actiontech/sqle/issues/3186 (report)
- https://github.com/actiontech/sqle/blob/4714f83f33e0d7aa647036eb756e928aa4174014/sqle/utils/jwt.go#L9 (url)
- https://github.com/actiontech/sqle/milestone/53 (url)
- https://vuldb.com/?ctiid.338478 (url)
- https://vuldb.com/?id.338478 (url)
- https://vuldb.com/?submit.710380 (url)