22 matches found
PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...
SUSE CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
Linux Distros Unpatched Vulnerability : CVE-2026-48524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT wi...
DEBIAN-CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
UBUNTU-CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
CVE-2026-48524 PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
CVE-2026-48524
CVE-2026-48524 affects PyJWT prior to 2.13.0. The issue is in PyJWKClient.get_signing_key(), which can force a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since the kid is from an unverified token header, an attacker can trigger unlimite...
CVE-2026-48524
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
Incorrect Type Conversion or Cast
Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the DiscoverKeys process. An attacker can cause the application to crash by providing a non-RSA key such as an EC key from a repository JWKS endpoint, which triggers a panic due to an unchecked type...
GHSA-M7HM-VM4X-28JF apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery
DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as rsa.PublicKey without checking the key type. If a repository JWKS endpoint returns a non-RSA key e.g. EC, the unchecked assertion panics and crashes apko. This affects any workflow that initializes the APK...
Exploit for CVE-2026-29000
pac4j-jwe-forge CVE-2026-29000 Proof-of-concept for CVE-202...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...
Exploit for CVE-2026-29000
CVE-2026-29000 – pac4j JWT Authentication Bypass Python PoC...
CVE-2026-32301
Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...
PT-2026-25082
Name of the Vulnerable Software and Affected Versions Centrifugo versions prior to 6.7.0 Description Centrifugo is susceptible to a Server-Side Request Forgery SSRF condition when configured with a dynamic JWKS endpoint URL that utilizes template variables, such as tenant. An unauthenticated...
CVE-2026-27478
Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to...
GHSA-3VHC-576X-3QV4 Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback)
Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did not explicitly define an algorithm. This could enable JWT algorithm confusion and, in certain configurations, allow forged...