Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
Keygraph Shannon: Hard-coded API key in router configuration
CVE-2026-29023
Summary
Keygraph Shannon has a critical security flaw that allows attackers to access your API without a password. This can happen if your router component is enabled and exposed to the internet. To fix this, update to the latest version, which includes a patch to prevent unauthorized access.
Original title
Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known ...
Original description
Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known static key. An attacker able to reach the router port can proxy requests through the Shannon instance using the victim’s configured upstream provider API credentials, resulting in unauthorized API usage and potential disclosure of proxied request and response data. This vulnerability's general exploitability has been mitigated with the introduction of commit 023cc95.
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-798
Use of Hard-coded Credentials
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026