# CVE-2026-7018

> Vulnerability · severity: **MEDIUM** (CVSS 5.6).

## Description

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the argument tokenSecret can lead to use of hard-coded cryptographic key . The attack can be executed remotely. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. This patch is called e540d6dc04e2e6ad11907fb655f3728a13e7b939. It is advisable to implement a patch to correct this issue. The project was informed of the problem early through a pull request but has not reacted yet.

## Key facts

- **CVE ID:** CVE-2026-7018
- **Published:** 2026-04-26
- **CVSS severity:** MEDIUM
- **CVSS base score:** 5.6
- **CWE codes:** CWE-320, CWE-321

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7018

## Citation

> AI Analytics. CVE-2026-7018. Retrieved 2026-07-15 from https://api.ai-analytics.org/cve/CVE-2026-7018. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*