CVE-2026-29023

7.3 HIGH

📋 TL;DR

Keygraph Shannon contains a hard-coded API key in its router configuration that allows network attackers to authenticate using a publicly known static key. When the router component is enabled and exposed, attackers can proxy requests through the Shannon instance using the victim's upstream provider API credentials, leading to unauthorized API usage and potential data disclosure. This affects users running vulnerable versions of Keygraph Shannon with the router component enabled.

💻 Affected Systems

Products:
  • Keygraph Shannon
Versions: All versions before commit 023cc95
Operating Systems: All platforms running Keygraph Shannon
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitable only when the router component is enabled and reachable over the network. The hard-coded key is present in the code regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of upstream API credentials, unauthorized API usage leading to financial costs, and full disclosure of all proxied request/response data including sensitive information.

🟠 Likely Case

Unauthorized API usage resulting in unexpected charges, potential data leakage from proxied requests, and possible service disruption.

🟢 If Mitigated

Limited impact if router component is disabled or network access is properly restricted, though the vulnerability still exists in the codebase.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the router port and knowledge of the hard-coded API key, which is publicly documented in the vulnerability disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 023cc95 and later

Vendor Advisory: https://github.com/KeygraphHQ/shannon/issues/186

Restart Required: Yes

Instructions:

  1. Update to the latest version of Keygraph Shannon that includes commit 023cc95.
  2. Restart the Shannon service.
  3. Verify the fix by checking that the hard-coded API key is no longer present in the router configuration.

🔧 Temporary Workarounds

Disable Router Component (platform: all)

Disable the router component in Shannon configuration to prevent exposure of the vulnerable endpoint.

Edit Shannon configuration to set router.enabled = false

Network Access Control (platform: linux)

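Restrict network access to the Shannon router port using firewall rules. Use whichever of the two commands matches the firewall in use, replacing [SHANNON_PORT] with the port the router listens on. Because iptables -A appends to the chain, the DROP rule only takes effect if no earlier INPUT rule already accepts the traffic.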

iptables -A INPUT -p tcp --dport [SHANNON_PORT] -j DROP
ufw deny [SHANNON_PORT]

🧯 If You Can't Patch

  • Disable the router component in Shannon configuration immediately.
  • Implement strict network segmentation and firewall rules to block all external access to the Shannon instance.

🔍 How to Verify

Check if Vulnerable:

Check if the Shannon instance is running a version before commit 023cc95 and has the router component enabled. Examine configuration files for hard-coded API keys.

Check Version:

git log --oneline | grep 023cc95

Verify Fix Applied:

Verify that commit 023cc95 is included in the current version and that the hard-coded API key has been removed from the router configuration.
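
A stricter form of the version check above, as an added example (not from this page's source or the Shannon project): `git log --oneline | grep` also matches commit messages and cannot tell a shallow clone from an unpatched one, so this asks git whether the fix commit is an ancestor of the checked-out HEAD. The function name and output strings are hypothetical, and a backport of the fix under a different hash is not recognised.

```shell
#!/bin/sh
# Added example, not from the Shannon project. Names and output strings are
# hypothetical. Prints: patched | not-patched | unknown
FIX_COMMIT="023cc95"   # fix commit named on this page

shannon_fix_status() {
    repo="$1"
    fix="${2:-$FIX_COMMIT}"

    # No git metadata (tarball, container image, bad path): cannot decide here.
    if ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo unknown
        return 0
    fi

    # Resolve the abbreviated hash to a commit object in the local store.
    if ! full=$(git -C "$repo" rev-parse --verify --quiet "${fix}^{commit}" 2>/dev/null); then
        # A shallow clone can be patched without holding the fix commit
        # object, so only a full clone lets us call this "not-patched".
        if [ "$(git -C "$repo" rev-parse --is-shallow-repository)" = "true" ]; then
            echo unknown
        else
            echo not-patched
        fi
        return 0
    fi

    # The object can exist locally (fetched) without being part of the
    # checked-out history, so test ancestry against HEAD, not mere presence.
    if git -C "$repo" merge-base --is-ancestor "$full" HEAD 2>/dev/null; then
        echo patched
    else
        echo not-patched
    fi
}

# Stand-alone use: sh check.sh /path/to/shannon
if [ "$#" -gt 0 ]; then
    shannon_fix_status "$@"
fi
```

A result of unknown on a shallow clone can be resolved by running git fetch --unshallow and checking again.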

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts to router endpoint
  • Unexpected API usage patterns from Shannon instance
  • Failed authentication attempts using the hard-coded key

Network Indicators:

  • Unusual traffic to Shannon router port from unexpected sources
  • Outbound API requests from Shannon that don't match expected patterns

SIEM Query:

source="shannon.log" AND ("authentication failed" OR "router access" OR "API key")
