CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

🗓️ 21 Apr 2026 21:09:44Reported by GitHub_MType

Inverted time checks in OpenID Connect caches caused constant fetches; fixed in 2.1.0.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2026-40942	21 Apr 202621:09	–	attackerkb
CNNVD	Data Sharing Framework 安全漏洞	21 Apr 202600:00	–	cnnvd
CVE	CVE-2026-40942	21 Apr 202621:09	–	cve
EUVD	EUVD-2026-24496	21 Apr 202621:09	–	euvd
Github Security Blog	Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache	15 Apr 202619:19	–	github
NVD	CVE-2026-40942	21 Apr 202622:16	–	nvd
OSV	GHSA-XMJ9-7625-F634 Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache	15 Apr 202619:19	–	osv
Positive Technologies	PT-2026-34186	21 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-40942	5 Jun 202619:27	–	redhatcve
Snyk	Always-Incorrect Control Flow Implementation	15 Apr 202619:19	–	snyk

[
  {
    "vendor": "datasharingframework",
    "product": "dsf",
    "versions": [
      {
        "version": "< 2.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "dev.dsf",
    "product": "dsf-bpe-process-api-v2",
    "versions": [
      {
        "version": "< 2.1.0",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "dev.dsf",
    "product": "dsf-bpe-server",
    "versions": [
      {
        "version": "< 2.1.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/datasharingframework/dsf/commit/d3ca59b4daccde16a006fedeccce28fd1f826908
github	www.github.com/datasharingframework/dsf/security/advisories/GHSA-xmj9-7625-f634
github	www.github.com/datasharingframework/dsf/commit/31c2e974dfd4351756104ee8c53dbcd666192fef

21 Apr 2026 21:09Current

CVSS 46.3

EPSS0.00057

CWE-670