CVE-2026-35030

LiteLLM (proxy for LLM APIs) contains an authentication bypass flaw when JWT/OIDC authentication is enabled. The OIDC userinfo cache key is derived from the first 20 characters of the token, allowing an unauthenticated attacker to craft a token whose prefix matches a legitimate user’s cached toke...

CVE-2026-35030 LiteLLM has an authentication bypass via OIDC userinfo cache key collision

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

CVE-2026-35030 LiteLLM has an authentication bypass via OIDC userinfo cache key collision

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

EUVD-2026-19363

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

CVE-2026-34986 Go JOSE affect by a panic in JWE decryption

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

CVE-2026-34950

CVE-2026-34950 affects the fast-jwt library (6.1.0 and earlier). The publicKeyPemMatcher in fast-jwt/src/crypto.js uses an anchored regex starting with ^, which is defeated by any leading whitespace in the key string. This misclassifies RSA public keys with leading whitespace, allowing an attacke...

CVE-2026-34950 fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patch...

CVE-2026-26058

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

CVE-2026-37977

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

BIT-NODE-MIN-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

BIT-NODE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

CVE-2026-5622 hcengineering Huly Platform JWT Token token.ts hard-coded key

A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JWT Token Handler. This manipulation of the argument SERVERSECRET with the input secret causes use ...

PT-2026-30582

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing CORS header injection vulnerability in Keycloak's User-Managed Access UMA token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token JWT is used to set the...

LiteLLM 授权问题漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Prior to version 1.83.0, LiteLLM had an authorization vulnerability. This vulnerability stemmed from the use of token:20 as a cache key when JWT authentication was...

fast-jwt 安全漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.1.0 contained security vulnerabilities, which stemmed from the lack of verification of the crit header parameter. This allowed tokens containing unknown extensions to be accepted...

Go JOSE 安全漏洞

Go JOSE is an implementation of the JOSE standard in Go, open sourced under the Go JOSE project. Versions prior to Go JOSE 4.1.4 and 3.0.5 contained security vulnerabilities. These vulnerabilities occurred when decrypting JSON Web Encryption objects. If the alg field indicated the key wrapping...

GuvenliWebYazilimiGelistirme-CipherNone-

🛡️ CipherNone: JWT "alg: none" Vulnerability & Hardening Lab...

JWT-PHANTOM

No d...