CVE-2026-25726
published 2026-04-03


Priority: P2 (64) · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.38% (29.5th percentile)
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generated upon first startup and persisted in the database. An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0.

Affected (2 ranges)

Vendor      | Product                | Version range                              | Fixed in
cloudreve   | cloudreve              | < 4.13.0                                   | 4.13.0
github.com  | cloudreve_cloudreve_v4 | >= 0, < 4.0.0-20260205113604-ec9fdd33bc54  | 4.0.0-20260205113604-ec9fdd33bc54

Detection & IOCs (extracted from sources)

  • Attacker obtains administrator account creation time via public API endpoints to narrow the PRNG seed search window — monitor for unauthenticated or anomalous enumeration of user/account creation time endpoints in Cloudreve instances.
  • Forged JWTs for arbitrary users (including admins) will be signed with a predicted secret_key derived from brute-forced math/rand seed — inspect JWT signatures for tokens issued without a corresponding login event, especially for admin accounts.
  • The PRNG seed is time.Now().UnixNano() at first startup — the brute-force window can be correlated with the known instance creation time; alert on rapid sequential API calls probing hashid values consistent with seed validation.
  • The vulnerable secrets (secret_key and hash_id_salt) are generated only on first startup and persisted in the database — upgrading to 4.13.0 alone does NOT rotate these secrets if the instance was previously initialized; secrets stored in the DB from a vulnerable startup must be manually regenerated.
  • All Cloudreve v4 instances prior to 4.13.0 using the default initialization path are affected; the affected package is github.com/cloudreve/cloudreve/v4.
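The mechanism behind the description above, as an added illustration that is not Cloudreve's code: one math/rand stream seeded with an int64 yields both secrets, so the whole output is a function of that seed, whereas crypto/rand has no seed to recover. The secret length, the byte-drawing loop and the function names are assumptions for the demo.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	mathrand "math/rand"
	"time"
)

const secretLen = 32 // bytes per secret (constructed size, not Cloudreve's)

// drawHex pulls n bytes from a math/rand stream one byte at a time, so the
// result depends only on the seed the stream was created with.
func drawHex(r *mathrand.Rand, n int) string {
	buf := make([]byte, n)
	for i := range buf {
		buf[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(buf)
}

// deriveSecrets mirrors the weak pattern the advisory describes: a single
// math/rand source seeded with an int64 (in Cloudreve, time.Now().UnixNano())
// yields both secret_key and hash_id_salt. Because the stream is a pure
// function of the seed, a seed confirmed through one value (the salt, via a
// known hashid) also fixes the other (the key). Illustrative stand-in only.
func deriveSecrets(seed int64) (secretKey, hashIDSalt string) {
	r := mathrand.New(mathrand.NewSource(seed))
	return drawHex(r, secretLen), drawHex(r, secretLen)
}

// strongSecret is the hardened form: crypto/rand reads from the OS CSPRNG,
// so there is no seed to recover and no startup timestamp to narrow.
func strongSecret() (string, error) {
	buf := make([]byte, secretLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

func main() {
	seed := time.Now().UnixNano()
	k1, s1 := deriveSecrets(seed)
	k2, s2 := deriveSecrets(seed) // same seed, same secrets
	fmt.Println("weak secrets reproducible from seed:", k1 == k2 && s1 == s2)
	a, _ := strongSecret()
	b, _ := strongSecret()
	fmt.Println("crypto/rand secrets reproducible:", a == b)
}
```

An instance that was initialized under the weak path keeps its persisted secrets after upgrading, so regenerating them with the crypto/rand form is the part of the fix the version bump does not do for you.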