CVE-2026-25726
published 2026-04-03CVE-2026-25726: Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand…
PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.38%
29.5th percentile
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key, and hash_id_salt. These secrets are generated upon first startup and persisted in the database. An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC), an attacker can predict the secret_key. This allows them to forge valid JSON Web Tokens (JWTs) for any user, including administrators, leading to full account takeover and privilege escalation. This issue has been patched in version 4.13.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloudreve | cloudreve | < 4.13.0 | 4.13.0 |
| github.com | cloudreve_cloudreve_v4 | >= 0 < 4.0.0-20260205113604-ec9fdd33bc54 | 4.0.0-20260205113604-ec9fdd33bc54 |
Detection & IOCsextracted from sources · hover to see the quote
- →Attacker obtains administrator account creation time via public API endpoints to narrow the PRNG seed search window — monitor for unauthenticated or anomalous enumeration of user/account creation time endpoints in Cloudreve instances. ↗
- →Forged JWTs for arbitrary users (including admins) will be signed with a predicted secret_key derived from brute-forced math/rand seed — inspect JWT signatures for tokens issued without a corresponding login event, especially for admin accounts. ↗
- →The PRNG seed is time.Now().UnixNano() at first startup — the brute-force window can be correlated with the known instance creation time; alert on rapid sequential API calls probing hashid values consistent with seed validation. ↗
- ·The vulnerable secrets (secret_key and hash_id_salt) are generated only on first startup and persisted in the database — upgrading to 4.13.0 alone does NOT rotate these secrets if the instance was previously initialized; secrets stored in the DB from a vulnerable startup must be manually regenerated. ↗
- ·All Cloudreve v4 instances prior to 4.13.0 using the default initialization path are affected; the affected package is github.com/cloudreve/cloudreve/v4. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
osv·2026-03-31
CVE-2026-25726 [HIGH] Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
### Impact
This vulnerability affects **Cloudreve** instances that were **first deployed/initialized** with versions prior to V4.10.0.
The application uses the weak pseudo-random number generator `math/rand` seeded with `time.Now().UnixNano()` to generate critical security secrets, including the `secret_key`, and `hash_id_salt`. These secrets are generated upon first startup and persisted in the database.
An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC
GHSA
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
ghsa·2026-03-31
CVE-2026-25726 [HIGH] CWE-338 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
### Impact
This vulnerability affects **Cloudreve** instances that were **first deployed/initialized** with versions prior to V4.10.0.
The application uses the weak pseudo-random number generator `math/rand` seeded with `time.Now().UnixNano()` to generate critical security secrets, including the `secret_key`, and `hash_id_salt`. These secrets are generated upon first startup and persisted in the database.
An attacker can exploit this by obtaining the administrator's account creation time (via public API endpoints) to narrow the search window for the PRNG seed, and use known hashid to validate the seed. By brute-forcing the seed (demonstrated to take <3 hours on general consumer PC
No detection rules found.
No public exploits indexed.
2026-04-03
Published