cbcvebase.
CVE-2024-46508
published 2026-05-08

CVE-2024-46508: yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other…

PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.43%
34.3th percentile
yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET).

Affected

1 ranges
VendorProductVersion rangeFixed in
yeti-platformyeti>= 2.0 < 2.1.122.1.12
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.