What is CVE-2026-44523?

CVE-2026-44523 is a critical-severity vulnerability in Enchant97 Note-mark, classified under Inadequate Encryption Strength. CVSS score: 10.0/10. Published 2026-05-14.

How severe is CVE-2026-44523?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Vulnerability in Enchant97 Note-mark

CVE-2026-44523

Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secret regardless of size, including secrets…

EPSS: 0.000 (0.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N.

Affected products

Enchant97 Note-mark — versions < 0.19.4

Weakness classification (CWE)

CWE-326 — Inadequate Encryption Strength
CWE-345 — Insufficient Verification of Data Authenticity

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-44523?: CVE-2026-44523 is a critical-severity vulnerability in Enchant97 Note-mark, classified under Inadequate Encryption Strength. CVSS score: 10.0/10. Published 2026-05-14.
How severe is CVE-2026-44523?: Critical severity. CVSS v3 base score is 10.0 out of 10.