Vulnerability in Note Mark Application by Enchant97
CVE-2026-44523

10 CRITICAL

Key Information:

Vendor: Enchant97

Status
Vendor
CVE Published: 14 May 2026

What is CVE-2026-44523?

The Note Mark application, an open-source note-taking tool developed by Enchant97, has a security vulnerability related to its JWT_SECRET configuration. Prior to version 0.19.4, the application did not enforce a minimum length or strength for the JWT_SECRET, so a deployment could run with a trivially short or easily guessable secret. Because the system accepted any base64-decodable secret without restrictions, this could result in unauthorized access. Users are strongly advised to upgrade to version 0.19.4 or later to mitigate this risk.
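
A startup check of the kind whose absence is described above, as an added example; it is not Note Mark's code and not the 0.19.4 fix. The function name, the standard base64 alphabet, the 32-byte floor (the HS256 minimum from RFC 7518, assuming an HMAC-SHA256 signer) and the distinct-byte threshold are assumptions.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"errors"
	"fmt"
)

// MinSecretBytes is an assumed floor: RFC 7518 requires an HMAC key at least
// as long as the hash output, i.e. 32 bytes for HS256.
const MinSecretBytes = 32

// MinDistinctBytes is an assumed sanity threshold, not an entropy measurement.
const MinDistinctBytes = 16

var (
	ErrNotBase64  = errors.New("JWT_SECRET is not valid base64")
	ErrTooShort   = errors.New("JWT_SECRET decodes to too few bytes")
	ErrLowVariety = errors.New("JWT_SECRET has too few distinct byte values")
)

// ValidateJWTSecret (hypothetical helper) decodes the configured value and
// refuses short or obviously non-random keys, so startup fails closed.
func ValidateJWTSecret(encoded string) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, fmt.Errorf("%w: %v", ErrNotBase64, err)
	}
	if len(key) < MinSecretBytes {
		return nil, fmt.Errorf("%w: got %d, need %d", ErrTooShort, len(key), MinSecretBytes)
	}
	seen := map[byte]struct{}{}
	for _, b := range key {
		seen[b] = struct{}{}
	}
	if len(seen) < MinDistinctBytes {
		return nil, fmt.Errorf("%w: %d distinct", ErrLowVariety, len(seen))
	}
	return key, nil
}

func main() {
	// Constructed samples: a 1-byte secret and 32 repeated bytes.
	repeated := base64.StdEncoding.EncodeToString(bytes.Repeat([]byte{'A'}, 32))
	for _, s := range []string{"YQ==", repeated} {
		_, err := ValidateJWTSecret(s)
		fmt.Printf("%q -> %v\n", s, err)
	}
}
```

Both constructed samples are base64-decodable, which is the only condition the description says was applied before 0.19.4; the check rejects each of them.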

Affected Version(s)

note-mark < 0.19.4

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
