Product

Sealed-Env (< 0.1.0-Alpha.4)

1 brief RSS

sealed-env Enterprise Mode TOTP Secret Leak in Unseal Tokens (CVE-2026-45091)

sealed-env versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted unseal token, allowing an attacker with a leaked token and the master key to mint new unseal tokens indefinitely.

sealed-env +1 credential-access cve-2026-45091

2r 1t 1c 1h ago