Vulnerability in Cloudreve File Management System
CVE-2026-25726
What is CVE-2026-25726?
Cloudreve, a self-hosted file management and sharing system, was found to have a vulnerability in its pseudo-random number generator, which improperly used time-based seeding to create critical security secrets such as secret_key and hash_id_salt prior to version 4.13.0. This flaw exposes the system to potential attacks where an adversary can exploit an administrator's account creation time obtained via public API endpoints to predict the secret_key. By leveraging brute-force techniques, which can take less than three hours on average hardware, attackers can forge valid JSON Web Tokens (JWTs) for any user, including those with administrator privileges, resulting in complete account takeover and privilege escalation. The issue has been addressed in version 4.13.0.
Affected Version(s)
cloudreve < 4.13.0
