CVE-2026-0622 – Open5GS WebUI uses a hard-coded JWT signing key... (How to Fix)

Q: What is the severity of CVE-2026-0622?

CVE-2026-0622 has a CVSS score of 6.5 (MEDIUM). Open5GS WebUI uses a hard-coded JWT signing key ('change-me') when the JWT_SECRET_KEY environment variable is not set, allowing attackers to forge authentication tokens. This affects all deployments of Open5GS WebUI where the environment variable is not properly configured. Attackers can bypass authentication and potentially gain unauthorized access to administrative functions.

📋 TL;DR

Open5GS WebUI uses a hard-coded JWT signing key ('change-me') when the JWT_SECRET_KEY environment variable is not set, allowing attackers to forge authentication tokens. This affects all deployments of Open5GS WebUI where the environment variable is not properly configured. Attackers can bypass authentication and potentially gain unauthorized access to administrative functions.

💻 Affected Systems

Products:

Open5GS WebUI

Versions: All versions prior to fix

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Only vulnerable when JWT_SECRET_KEY environment variable is not set. Default deployments without explicit configuration are vulnerable.

📦 What is this software?

Open5gs by Open5gs

View all CVEs affecting Open5gs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers forge valid JWT tokens to gain administrative access, modify network configurations, intercept communications, or disrupt 5G core network operations.

🟠

Likely Case

Unauthorized users bypass authentication to access administrative WebUI functions, potentially viewing sensitive configuration data or making limited unauthorized changes.

🟢

If Mitigated

With proper JWT_SECRET_KEY configuration, the vulnerability is eliminated as the hard-coded key is not used.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires knowledge of the hard-coded key and ability to generate JWT tokens. The key 'change-me' is publicly documented in source code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit referenced in pull request #857

Vendor Advisory: https://github.com/open5gs/open5gs/issues/2264

Restart Required: Yes

Instructions:

1. Update Open5GS to latest version with fix. 2. Set JWT_SECRET_KEY environment variable to a strong, random value. 3. Restart Open5GS WebUI service.

🔧 Temporary Workarounds

Set JWT_SECRET_KEY Environment Variable

all

Configure a strong JWT signing key to override the hard-coded default

export JWT_SECRET_KEY='your-strong-random-key-here'

🧯 If You Can't Patch

Ensure JWT_SECRET_KEY environment variable is set to a strong, random value in all deployment environments
Restrict network access to Open5GS WebUI to trusted networks only

🔍 How to Verify

Check if Vulnerable:

Check if JWT_SECRET_KEY environment variable is set. If not set or set to 'change-me', system is vulnerable.

Check Version:

Check Open5GS version and verify it includes fix from pull request #857

Verify Fix Applied:

Verify JWT_SECRET_KEY is set to a strong random value and not 'change-me'. Test authentication with forged tokens using 'change-me' key should fail.

📡 Detection & Monitoring

Log Indicators:

Failed authentication attempts with JWT tokens
Unusual administrative access patterns
Authentication logs showing token validation failures

Network Indicators:

Unauthorized API calls to administrative endpoints
Traffic patterns suggesting token forgery attempts

SIEM Query:

source="open5gs" AND (event_type="auth_failure" OR user="unknown" OR token_validation="failed")

📊 Metadata

CVE ID: CVE-2026-0622

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-798

EPSS Score: 0.04% exploit probability (10.5th percentile)

Published: January 20, 2026

Last Updated: February 3, 2026

🔗 References

https://github.com/open5gs/open5gs/issues/2264 Vendor Advisory,Issue Tracking
https://github.com/open5gs/open5gs/issues/856 Issue Tracking
https://github.com/open5gs/open5gs/pull/857 Issue Tracking,Patch
https://www.kb.cert.org/vuls/id/458022 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-0622, you might also want to check these: