1. Kailash API Gateway Ships Hardcoded JWT Secret in Public Repository, Enabling Token Forgery
A critical security vulnerability has been identified in Kailash's API Gateway middleware component, where a hardcoded default JWT signing key is embedded directly in publicly accessible open-source code. The finding, cataloged as F-C-35 during the Wave 5 portfolio specification audit, exposes a signing key measuring j...
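The mitigation for this class of finding is a fail-closed secret loader: the gateway must refuse to start with a missing, default, or too-short JWT key rather than silently signing with whatever shipped in the repository. The following is an added example, not code from the advisory or from the Kailash project; every name, the placeholder default values in `KNOWN_DEFAULT_SECRETS`, and the `JWT_SECRET` variable are assumptions. It pairs the loader with a minimal stdlib HS256 sign/verify so the effect of key rotation is visible: a token minted under a default key verifies against that default and is rejected once a real random key is in place.

```python
"""Added example (not from the advisory or the Kailash project): a JWT
secret loader that refuses hardcoded defaults, plus a minimal HS256
sign/verify to show why a shipped default key lets anyone mint tokens.
All names and values here are hypothetical."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Hypothetical placeholders standing in for whatever default a vulnerable build shipped with.
KNOWN_DEFAULT_SECRETS = {"change-me", "secret", "default-jwt-secret"}
MIN_SECRET_BYTES = 32  # 256 bits, the minimum HMAC key size RFC 7518 requires for HS256


def validate_jwt_secret(env: dict) -> Optional[str]:
    """Return an error message if the configured secret is unsafe, else None."""
    value = env.get("JWT_SECRET")
    if not value:
        return "JWT_SECRET is not set; refusing to start with a default key"
    if value in KNOWN_DEFAULT_SECRETS:
        return "JWT_SECRET is a known default value; generate a random key"
    if len(value.encode()) < MIN_SECRET_BYTES:
        return f"JWT_SECRET must be at least {MIN_SECRET_BYTES} bytes"
    return None


def load_jwt_secret(env: dict) -> bytes:
    """Fail closed: raise at startup instead of falling back to a guessable key."""
    problem = validate_jwt_secret(env)
    if problem:
        raise RuntimeError(problem)
    return env["JWT_SECRET"].encode()


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce a compact JWS (header.payload.signature) using HMAC-SHA256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the signature is valid under `key`, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(payload_b64))


def demo() -> dict:
    """Constructed scenario: a token minted under a shipped default key stops
    verifying once the gateway is started with a real random key."""
    default_key = b"change-me"  # what a deployment running the vulnerable default would use
    minted_under_default = sign_hs256({"sub": "user-1", "role": "admin"}, default_key)
    rotated_key = load_jwt_secret({"JWT_SECRET": secrets.token_urlsafe(48)})
    return {
        "default_key_accepts": verify_hs256(minted_under_default, default_key) is not None,
        "rotated_key_accepts": verify_hs256(minted_under_default, rotated_key) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The loader is deliberately strict on three counts: absence, membership in a deny-list of known defaults, and length below 256 bits, so that a misconfigured deployment fails at startup where it is noticed rather than at verification time where it is not. Pinning `alg` in the verifier is a separate but related hardening, since a key-handling fix is undone if the verifier still honours whatever algorithm the token header names.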