CVE-2026-45091
May 15, 2026 ยท View on GitHub
โ ๏ธ Security Research & Legal Disclaimer
๐ Purpose of This Repository
This repository is provided strictly for educational, academic, and authorized cybersecurity research purposes only.
It is intended to support understanding of:
- Security vulnerabilities and exploitation concepts in controlled environments
- Sandbox isolation mechanisms and their limitations
- Secure software design and defensive security practices
๐ซ Authorized Use Only
This repository must only be used in environments where explicit permission has been granted, such as:
- Personal or controlled virtual machines
- Docker or isolated lab environments
- Authorized penetration testing engagements
- Academic or cybersecurity training setups
Any use outside of authorized environments is strictly prohibited.
โ๏ธ No Responsibility / No Liability
The author and contributors of this repository are not responsible, liable, or accountable for any misuse, damage, loss, or legal consequences arising from the use, misuse, or distribution of this project or its contents.
By using this repository, you acknowledge that:
- You are solely responsible for your actions
- You assume full legal responsibility for any use or misuse
- The author provides no warranty or guarantee of any kind, expressed or implied
- Any illegal, unethical, or unauthorized use is strictly at your own risk
๐จ Illegal Use Disclaimer
The author explicitly disclaims any responsibility for illegal, malicious, or unauthorized use of this repository or its contents.
Any such use is:
- Not endorsed
- Not supported
- Not encouraged
- Entirely outside the scope of this project
๐ก๏ธ Ethical Use Statement
This project is intended solely for:
- Defensive security research
- Vulnerability education and awareness
- Secure coding and system hardening research
- Academic and professional cybersecurity learning
It follows the principles of responsible disclosure and ethical security research.
๐ Final Reminder
Security research must always be conducted with:
- โ Proper legal authorization
- โ Ethical intent
- โ Isolated and controlled environments
- โ Compliance with applicable laws and policies
๐ง Contact
For responsible disclosure or research collaboration, please contact the repository maintainer via GitHub.
Credit or reference
- https://www.cve.org/CVERecord?id=CVE-2026-45091
- https://github.com/davidalmeidac/sealed-env/security/advisories/GHSA-x3r2-fj3r-g5mv
Usage
chmod +x poc-cve-2026-45091.sh
# Run with a captured token
./poc-cve-2026-45091.sh "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b3RwU2VjcmV0IjoiSldJU0hJVEUyM0FCTEMyM0RFRkciLCJleHAiOjE3MTAwMDAwMDB9.signature"
const token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b3RwU2VjcmV0IjoiSldJU0hJVEUyM0FCTEMyM0RFRkci...";
node extract-totp.js