Lucene search
K

5 matches found

RubySec
RubySec
added 2026/05/18 12:0 a.m.16 views

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.11 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 8:16 p.m.25 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS0.00236EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/06 10:26 p.m.7 views

@jsprismarine/client (>=0.12.2-unstable-20250320195345 <=0.13.1-unstable-20250503082416), @jsprismarine/prismarine (>=0.12.2-unstable-20250320195345 <=0.13.1-unstable-20250503082416) +1 more potentially affected by CVE-2026-44351 via fast-jwt (>=6.0.0 <=6.0.1)

fast-jwt NPM version =6.0.0, =0.12.2-unstable-20250320195345, =0.12.2-unstable-20250320195345, =0.12.2-unstable-20250320195345, =0.13.1-unstable-20250503082416 Source cves: CVE-2026-44351 Source advisory: SNYK:JS-FASTJWT-16439016...

9.1CVSS5.4AI score0.00236EPSS
Exploits0
Circl
Circl
added 2026/04/29 11:7 a.m.9 views

CVE-2026-44351

creationtimestamp| type| source ---|---|--- 2026-04-29 11:07:21+00:00| published-proof-of-concept| https://github.com/nearform/fast-jwt/security/advisories/GHSA-gmvf-9v4p-v8jc...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References1
Rows per page
Query Builder