PatchSiren

whyour CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL whyour CVE published 2026-07-15

CVE-2026-55445

CVE-2026-55445 is a CRITICAL vulnerability in Qinglong timed task management platform versions prior to 2.20.1. The init guard middleware does not check /open/* paths after JWT authentication and guard have passed; an unauthenticated attacker can send PUT /open/user/init to reset administrator credentials on an initialized instance. This issue allows for potential unauthorized administrator credential res [truncated]