## Critical Security Flaw: kernel-keymanager-service Library Exposes 80 Vulnerabilities, Including Critical 9.8 CVSS Score A critical security scan has exposed a foundational library within a key management service, revealing a staggering 80 distinct vulnerabilities. The most severe flaw carries a maximum CVSS severity score of 9.8, indicating a critical risk of remote code execution or system compromise. This vulnerable component, `kernel-keymanager-service-1.2.0.1-B2-lib.jar`, is a core dependency for the `esignet-service`, a critical piece of infrastructure for digital signing and authentication systems. The vulnerability originates from a deeply embedded transitive dependency: `logback-core-1.2.3.jar`. This logging library, repeated multiple times in the dependency chain, is the source of the security weaknesses. The path to the vulnerable file points directly to a standard Maven repository, confirming this is not an isolated deployment issue but a systemic dependency problem. The sheer volume of 80 vulnerabilities within a single service library suggests a prolonged lack of security updates and dependency management, leaving the entire `esignet-service` and any systems relying on it potentially exposed. This discovery places immense pressure on the development and security teams responsible for the `esignet-service` and the broader `kernel-keymanager-service` ecosystem. The presence of a critical 9.8-rated vulnerability in a key management component raises immediate red flags for data integrity, cryptographic key safety, and overall system trust. Organizations using this service must urgently audit their deployments, as the flaw could provide attackers a direct path to compromise authentication flows, forge digital signatures, or exfiltrate sensitive cryptographic material. The situation demands immediate remediation to prevent potential breaches. --- - **Source**: GitHub Issues - **Sector**: The Lab - **Tags**: cybersecurity, vulnerability, dependency_management, authentication, log4shell - **Credibility**: unverified - **Published**: 2026-04-11 12:22:35 - **ID**: 60017 - **URL**: https://whisperx.ai/en/intel/60017