JWT Token Handler Vulnerability in Huly Platform by hcengineering
CVE-2026-5622

6.3MEDIUM

Key Information:

Vendor

Hcengineering

Status
Huly Platform
Vendor
CVE Published:
6 April 2026

What is CVE-2026-5622?

A vulnerability exists in the Huly Platform's JWT Token Handler that allows manipulation of the SERVER_SECRET argument, leading to the use of a hard-coded cryptographic key. This flaw can be exploited remotely, enabling attackers to conduct sophisticated attacks that are challenging to execute. Despite attempts to communicate this issue to the vendor, there has been no acknowledgment or response.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Huly Platform 0.7.382

References

https://vuldb.com/vuln/355412
vdb-entrytechnical-description
https://vuldb.com/vuln/355412/cti
signaturepermissions-required
https://vuldb.com/submit/785631
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ghufran Khan (VulDB User)
VulDB CNA Team
JSON
.