Title: - https://github.com/getmaxun - https://github.com/getmaxun/maxun ≤ v0.0.28 Authentication Bypass by Primary Weakness Description: Maxun has a default JWT encryption key, and the key value is the open-source default value in the official deployment tutorial. This has also been verified in their cloud service. Once an attacker knows this authentication key, they can forge the identity credentials of all users and thus take over the backend. Source: https://gist.github.com/H2u8s/40be31987e52fc81076b6bfcbdf3cd6 User: 28Hus (UID 92415) Submission: 12/09/2025 03:22 PM (25 days ago) Moderation: 12/26/2025 07:11 PM (17 days later) Status: Accepted VuDB entry: 233476 [getmaxun up to 0.0.28 auth.ts api_key hard-coded key] Points: 17