Cyber Posture

CVE-2026-25726

Severity: High
Published: 03 April 2026
Modified: 13 April 2026
KEV Added: not listed
Patch: fixed in version 4.13.0
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.4th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25726 is a high-severity vulnerability of type Use of Cryptographically Weak PRNG (CWE-338) in Cloudreve (vendor: Cloudreve). Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 6.4th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SC-12 (Cryptographic Key Establishment and Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5, AI-generated)

SC-12 Cryptographic Key Establishment and Management (prevent)
Requires secure cryptographic key establishment and management with sufficient entropy, directly preventing generation of a predictable secret_key through weak PRNG seeding.

SI-2 Flaw Remediation (prevent)
Mandates timely flaw remediation, including patching to version 4.13.0, which replaces the weak PRNG for critical secrets and eliminates the vulnerability.

IA-5 Authenticator Management (prevent)
Ensures authenticators such as the JWT signing secret_key have sufficient strength of mechanism, countering weak pseudo-random generation that is vulnerable to brute-force seed prediction.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1190 Exploit Public-Facing Application (Initial Access):
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1606 Forge Web Credentials (Credential Access):
Adversaries may forge credential materials that can be used to gain access to web applications or Internet services.
T1078 Valid Accounts (Stealth):
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1068 Exploitation for Privilege Escalation (Privilege Escalation):
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Vulnerability in public-facing Cloudreve enables remote exploitation (T1190) to brute-force weak PRNG-derived secrets and forge JWTs (T1606), impersonating users via valid accounts (T1078) for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generated upon first startup and persisted in the database. An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0.

Deeper analysis (AI-generated)

CVE-2026-25726 affects Cloudreve, an open-source self-hosted file management and sharing system, in versions prior to 4.13.0. The vulnerability stems from the use of a weak pseudo-random number generator from the math/rand package, seeded solely with time.Now().UnixNano(), to generate critical security secrets such as the secret_key and hash_id_salt. These secrets are created during the application's first startup and stored persistently in the database, making them predictable under certain conditions due to the limited entropy in the seed.

A remote attacker without privileges can exploit this issue by first querying public API endpoints to obtain the administrator's account creation time, which narrows the feasible search window for the PRNG seed. Using a known hashid value for validation, the attacker can then brute-force the seed—demonstrated to require less than three hours on a general consumer PC—to derive the secret_key. With the secret_key, the attacker can forge valid JSON Web Tokens (JWTs) impersonating any user, including administrators, resulting in full account takeover and privilege escalation. The CVSS v3.1 base score of 8.1 reflects network accessibility with high attack complexity but high impacts on confidentiality, integrity, and availability (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

The issue has been addressed in Cloudreve version 4.13.0, as detailed in the project's release notes and security advisory. Practitioners should upgrade to this patched version to mitigate the vulnerability, with further details available in the GitHub release at https://github.com/cloudreve/cloudreve/releases/tag/4.13.0 and the advisory at https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4.
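The root cause described above, shown as an added Go example that is not Cloudreve's code and does not claim to match how version 4.13.0 implemented its fix: weakSecret reproduces the vulnerable pattern (math/rand seeded with time.Now().UnixNano(), so the secret is a pure function of one 64-bit timestamp), and strongSecret shows the standard hardened form, reading the secret from the operating system's CSPRNG through crypto/rand. secretsFromSameSeedMatch demonstrates the defender-relevant property: whoever recovers the seed regenerates the identical secret, so the effective key strength is the guessability of the seed, not the length of the secret. The character alphabet and secret lengths are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
	"time"
)

// alphabet is an assumed character set for the illustrative secret; the
// real application's secret format is not reproduced here.
const alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// weakSecret reproduces the CWE-338 pattern: a non-cryptographic generator
// (math/rand) seeded from a caller-supplied value such as a timestamp. The
// output depends only on seed, so the entropy of the secret is bounded by
// how precisely the seed can be narrowed down, not by n.
func weakSecret(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	return string(b)
}

// strongSecret is the hardened form: nBytes of entropy read from the OS
// CSPRNG via crypto/rand, hex-encoded for storage. There is no seed to
// recover, so knowledge of the creation time gives an attacker nothing.
func strongSecret(nBytes int) (string, error) {
	b := make([]byte, nBytes)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("crypto/rand failed: %w", err)
	}
	return hex.EncodeToString(b), nil
}

// secretsFromSameSeedMatch returns true when two independent generator
// instances built from the same seed produce the same secret, i.e. the
// weak generator is fully deterministic given the seed.
func secretsFromSameSeedMatch(seed int64, n int) bool {
	return weakSecret(seed, n) == weakSecret(seed, n)
}

func main() {
	// Timestamp seeding as in the vulnerable versions (illustrative only).
	seed := time.Now().UnixNano()
	fmt.Println("weak secret   :", weakSecret(seed, 32))
	fmt.Println("same seed reproduces it:", secretsFromSameSeedMatch(seed, 32))

	s, err := strongSecret(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("strong secret :", s)
}
```

When reviewing a Go code base for this class of defect, the thing to grep for is any math/rand use (rand.Seed, rand.NewSource, rand.Intn and friends) on the path that produces a signing key, salt or session token; replacing it with crypto/rand, as strongSecret does, removes the seed-recovery problem entirely. A secret already generated by the weak path on an older install stays predictable until it is rotated, so upgrading alone is not sufficient if the persisted value is kept.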

Details

CWE(s): CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator)

Affected Products: cloudreve / cloudreve, versions ≤ 4.13.0 as listed in the product entry (the description above states that versions prior to 4.13.0 are affected and that 4.13.0 contains the fix)

CVEs Like This One

CVE-2025-40905 (shared CWE-338)
CVE-2024-58041 (shared CWE-338)
CVE-2025-66630 (shared CWE-338)
CVE-2025-15578 (shared CWE-338)
CVE-2024-57854 (shared CWE-338)
CVE-2026-6659 (shared CWE-338)
CVE-2024-40762 (shared CWE-338)
CVE-2026-5088 (shared CWE-338)
CVE-2025-40920 (shared CWE-338)
CVE-2026-5087 (shared CWE-338)

References

https://github.com/cloudreve/cloudreve/releases/tag/4.13.0 (GitHub release 4.13.0)
https://github.com/cloudreve/cloudreve/security/advisories/GHSA-f8xp-wvcx-p6f4 (GitHub security advisory)