3 matches found
CVE-2026-50627
The CVE-2026-50627 issue affects Apache CXF’s JwtAccessTokenValidator, which fails to validate the aud (Audience) claim in incoming JWT access tokens. As described in multiple sources (NVD/Red Hat/CVE List/etc.), a token issued for one Resource Server could be replayed against a different Resourc...
CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...
CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...