CVE-2026-44523
Published: 14 May 2026
Summary
CVE-2026-44523 is a critical-severity Inadequate Encryption Strength (CWE-326) vulnerability. Its CVSS base score is 10.0 (Critical).
Operationally, it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating Controls (AI)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Maintaining currency with technologies and practices reduces selection of encryption mechanisms that provide inadequate strength.
- Directly requires independent verification of matching output before adverse decisions, mitigating insufficient authenticity checks on data from external sources.
- Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.
- Establishment procedures require selection and generation of keys with adequate length and strength for the chosen algorithm.
- Specifies required cryptography types and parameters, preventing selection of inadequate encryption strength.
- Use of approved PKI certificates provides verifiable data authenticity and origin for communications and artifacts.
- Mandates provision of authenticity and integrity artifacts that enable verification of name/address resolution data.
- Requires explicit verification of data authenticity from authoritative sources, preventing acceptance of unauthenticated resolution responses.
NVD Description
Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets as short as 1 byte. This vulnerability is fixed in 0.19.4.
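A startup check of the kind this description calls for, as an added example that is not Note Mark's code or its 0.19.4 fix: it decodes the base64 `JWT_SECRET` and refuses short or degenerate keys, failing closed. The 32-byte floor, the standard base64 alphabet, the distinct-byte threshold and the names `ValidateJWTSecret`, `MinSecretBytes` and `ErrWeakSecret` are assumptions.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// MinSecretBytes is an assumed floor: 32 bytes matches the 256-bit minimum
// that RFC 7518 sets for HS256 keys. Raise it for HS384 or HS512.
const MinSecretBytes = 32

// ErrWeakSecret wraps every rejection so callers can test with errors.Is.
var ErrWeakSecret = errors.New("JWT secret rejected")

// ValidateJWTSecret decodes a base64 secret (standard alphabet assumed) and
// refuses values that are undecodable, too short, or nearly constant.
func ValidateJWTSecret(encoded string) ([]byte, error) {
	key, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, fmt.Errorf("%w: not valid base64: %v", ErrWeakSecret, err)
	}
	// Measure the decoded key, not the encoded string: "QQ==" is 4
	// characters of text but only 1 byte of key material.
	if len(key) < MinSecretBytes {
		return nil, fmt.Errorf("%w: %d bytes decoded, need at least %d",
			ErrWeakSecret, len(key), MinSecretBytes)
	}
	distinct := map[byte]struct{}{}
	for _, b := range key {
		distinct[b] = struct{}{}
	}
	// Crude sanity check, not an entropy estimate: it catches padded or
	// placeholder keys such as 32 zero bytes. The threshold 8 is assumed.
	if len(distinct) < 8 {
		return nil, fmt.Errorf("%w: only %d distinct byte values",
			ErrWeakSecret, len(distinct))
	}
	return key, nil
}

func main() {
	// JWT_SECRET is the setting named in the description; refuse to start
	// rather than sign tokens with a weak key.
	if _, err := ValidateJWTSecret(os.Getenv("JWT_SECRET")); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("JWT_SECRET accepted")
}
```

A length floor only helps when the secret comes from a cryptographic random source; a long but guessable passphrase passes this check and remains weak.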
Details
- CWE(s)