CasaOS is a simple, easy-to-use and elegant open source home cloud system. A cryptographic issue vulnerability exists in versions of CasaOS prior to 0.4.4. The vulnerability stems from a poor choice of JWT algorithm and can be exploited by an attacker to craft arbitrary JWTs and access functions that normally require authentication, and execute arbitrary commands as root.