Dpanel's hard-coded JWT secret leads to remote code execution
The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine.
Advisories for Golang/Github.com/Donknap/Dpanel package
2025