SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-61500 2026-07-13

CVE-2026-61500: Predictable Signing Key Enables Admin Session Forgery in Rejetto HFS

"A critical flaw in Rejetto HFS (3.0.0–3.2.0) lets unauthenticated remote attackers forge administrator session cookies and achieve remote code execution by exploiting a session key derived from a non-cryptographic…"

A critical flaw in Rejetto HFS (3.0.0–3.2.0) lets unauthenticated remote attackers forge administrator session cookies and achieve remote code execution by exploiting a session key derived from a non-cryptographic random generator.

What Is It

CVE-2026-61500 is a cryptographic weakness (CWE-338, use of a cryptographically weak pseudo-random number generator) in the Rejetto HFS file server. HFS derives its session-cookie signing key from the non-cryptographic Math.random() generator, and it discloses outputs of that same generator to unauthenticated clients during login. By collecting a small number of login responses, an attacker can reconstruct the generator's internal state, recover the signing key, and forge a valid administrator session cookie. The issue carries a CVSS 3.1 base score of 9.8 (CRITICAL) and a CVSS 4.0 score of 9.3.

Why It Matters

Exploitation requires no authentication, no user interaction, and low attack complexity, and is reachable over the network. A successful attack yields full administrative access and remote code execution via the server_code configuration feature—complete compromise of confidentiality, integrity, and availability on the affected host. Because the attack relies only on a handful of observable login responses, it is practical for any remote attacker who can reach the server.

What's Vulnerable

Rejetto HFS versions 3.0.0 through 3.2.0 (all releases prior to 3.2.1) are affected. The vulnerable behavior stems from the session-cookie signing key generation and its exposure of Math.random() outputs during login.

Patch Status

The issue is fixed in Rejetto HFS v3.2.1. Administrators running any version from 3.0.0 through 3.2.0 should upgrade to 3.2.1 or later. No CISA KEV entry confirming active exploitation was supplied for this CVE; there is no indication of confirmed in-the-wild exploitation in the provided source material.

Sources