What is the severity of CVE-2024-26136?

CVE-2024-26136 has a high severity due to the exposure of sensitive account access tokens.

How do I fix CVE-2024-26136?

To fix CVE-2024-26136, remove the exposed account access token from the config.json file and implement proper access controls.

What vulnerabilities does CVE-2024-26136 introduce?

CVE-2024-26136 potentially allows malicious actors to gain unauthorized access to user accounts and sensitive information.

Which versions of ElectronCord are affected by CVE-2024-26136?

CVE-2024-26136 affects all versions of ElectronCord up to version 2024-02-19.

Is there a known exploit for CVE-2024-26136?

While there is no reported public exploit for CVE-2024-26136, the vulnerability poses significant risks if the exposed tokens are discovered by attackers.

Vulnerability/
CVE-2024-26136

high

7.5

CWE

200

EPSS

0.043%

20/2/2024

5/2/2025

CVE-2024-26136: kedi ElectronCord's Discord Token is public

First published: Tue Feb 20 2024(Updated: )

kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Electroncord
Electroncord	<2024-02-19

Remedy

https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-26136?
CVE-2024-26136 has a high severity due to the exposure of sensitive account access tokens.
How do I fix CVE-2024-26136?
To fix CVE-2024-26136, remove the exposed account access token from the config.json file and implement proper access controls.
What vulnerabilities does CVE-2024-26136 introduce?
CVE-2024-26136 potentially allows malicious actors to gain unauthorized access to user accounts and sensitive information.
Which versions of ElectronCord are affected by CVE-2024-26136?
CVE-2024-26136 affects all versions of ElectronCord up to version 2024-02-19.
Is there a known exploit for CVE-2024-26136?
While there is no reported public exploit for CVE-2024-26136, the vulnerability poses significant risks if the exposed tokens are discovered by attackers.

agent/weakness
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
agent/severity
agent/author
collector/epss-latest
source/FIRST
agent/epss
collector/mitre-cve
source/MITRE
agent/source
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/kedi
canonical/electroncord
vendor/openjsf

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.