CVE-2026-33746 | P2 | CRITICAL | CVSS 9.8 | fixed in 4.5.1 | 2026-04-02
CVE-2026-33746 [CRITICAL] CWE-287
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated time-based claims (exp, nbf, iat) using the StrictV
nvd
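
The flaw described above, as an added example (not Convoy's code and not the lcobucci/jwt API): a Python standard-library model of an HS256 decode that checks only the time claims, next to one that verifies the HMAC before trusting any claim. All function names, keys and tokens here are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    # Helper that issues a compact HS256 JWT for the constructed samples below.
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"

def check_times(claims: dict, now: float) -> None:
    if not (claims["iat"] <= now and claims["nbf"] <= now < claims["exp"]):
        raise ValueError("token outside its validity window")

def decode_time_only(token: str, now: float) -> dict:
    """Models the flaw: claims are parsed and time-checked, signature ignored."""
    _header, body, _sig = token.split(".")
    claims = json.loads(b64url_decode(body))
    check_times(claims, now)
    return claims

def decode_verified(token: str, key: bytes, now: float) -> dict:
    """Hardened: pin the algorithm, verify the HMAC, only then read the claims."""
    header, body, sig = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    check_times(claims, now)
    return claims

def accepts(decoder, *args) -> bool:
    try:
        decoder(*args)
        return True
    except (ValueError, KeyError):
        return False

# Constructed sample data: keys and claims are made up for this example.
SERVER_KEY = b"constructed-server-key"
NOW = time.time()
CLAIMS = {"sub": "user-1", "iat": NOW - 10, "nbf": NOW - 10, "exp": NOW + 300}
GOOD = sign_hs256(CLAIMS, SERVER_KEY)
UNTRUSTED = sign_hs256(CLAIMS, b"some-other-key")  # not signed by the server
```

A regression test for this class of bug should assert that a token with valid time claims but a signature from any other key is rejected, as `decode_verified` does here.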