
19 matches found

GithubExploit
added 2026/05/22 4:17 p.m., 37 views

jwt-pwn

jwt-pwn A zero-dependency Python 3 toolkit for discovering an...

CVSS 9.8, AI score 7.4, EPSS 0.37481
Exploits: 3
GithubExploit
added 2026/05/12 4:03 p.m., 45 views

Exploit for CVE-2026-29000

🚀 CVE-2026-29000 - pac4j-jwt Authentication Bypass Exploit !...

CVSS 9.3, AI score 6, EPSS 0.00039
Exploits: 17
Positive Technologies
added 2026/04/08 12:00 a.m., 2 views

PT-2026-31285

Summary The LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none' algorithm, a crafted token without a signature will be accepted as valid,...

CVSS 4.2, AI score 6, EPSS 0.00018
Exploits: 1, References: 4
GithubExploit
added 2026/04/05 1:18 p.m., 71 views

GuvenliWebYazilimiGelistirme-CipherNone-

🛡️ CipherNone: JWT "alg: none" Vulnerability & Hardening Lab...

AI score 5.9
Exploits: 0
Veracode
added 2026/03/07 5:09 a.m., 2 views

Improper Signature Verification

Authlib is vulnerable to improper signature verification. The vulnerability is due to improper validation of JWT tokens where tokens with alg: none and an empty signature bypass the signature verification process, which allows an attacker to forge authentication tokens and gain unauthorized acces...

CVSS 9.8, AI score 5.8, EPSS 0.00019
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2026/03/06 6:44 a.m., 29 views

CVE-2026-28802

CVE-2026-28802 affects the Python package Authlib, which builds OAuth/OpenID Connect servers. The issue affects versions from 1.6.5 up to, but not including, 1.6.7, where tests involving a malicious JWT with alg: none and an empty signature could pass the signature verification step without code changes when a...

CVSS 9.8, AI score 5.9, EPSS 0.00019
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/03/06 6:44 a.m., 26 views

CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application co...

CVSS 8.7, EPSS 0.00019
Exploits: 1, References: 3
Github Security Blog
added 2026/03/04 8:55 p.m., 4 views

Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification

Summary: After upgrading the library from 1.5.2 to 1.6.0 and the latest 1.6.5, it was noticed that previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application code when a failure was...

CVSS 9.8, AI score 6, EPSS 0.00019
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2026/03/02 11:46 a.m., 2 views

BIT-PARSE-2026-27804 Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.3.1, an unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing their...

CVSS 9.3, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 6
ATTACKERKB
added 2026/02/25 11:48 p.m., 0 views

CVE-2026-27804

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing...

CVSS 9.3, AI score 5.8, EPSS 0.00039
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2026/02/25 11:48 p.m., 3 views

CVE-2026-27804 Parse Server: Account takeover via JWT algorithm confusion in Google auth adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.3 and 9.1.1-alpha.4, an unauthenticated attacker can forge a Google authentication token with alg: "none" to log in as any user linked to a Google account, without knowing...

CVSS 9.3, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 5
Packet Storm
added 2025/11/26 12:00 a.m., 148 views

📄 Microsoft Sharepoint Authentication Bypass

This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023. | Title : SharePoint Authentication...

CVSS 9.8, AI score 7.1, EPSS 0.94356
Exploits: 11
OSV
added 2025/10/10 2:15 p.m., 0 views

CVE-2025-61152

python-jose through 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims, e.g. isadmin=true, and bypass authentication checks, leading to privilege escalation or unauthoriz...

CVSS 6.5, AI score 5.9, EPSS 0.00068
Exploits: 0, References: 3
CNNVD
added 2025/10/10 12:00 a.m., 2 views

python-jose security vulnerability

python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose version 3.3.0 and earlier, which stems from unenforced alg=none token denial, and could lead to bypassing authentication checks, which in turn could lead to...

CVSS 6.5, AI score 6.8, EPSS 0.00068
Exploits: 0, References: 4
Positive Technologies
added 2025/10/01 12:00 a.m., 3 views

PT-2025-40251

Name of the Vulnerable Software and Affected Versions: Kazaar version 1.25.12. Description: The software allows a JSON Web Token (JWT) with 'none' specified in the 'alg' field. This can potentially compromise the integrity of the authentication process. Recommendations: At the moment, there is no...

AI score 6.6, EPSS 0.00012
Exploits: 0, References: 5
Cvelist
added 2025/10/01 12:00 a.m., 5 views

CVE-2025-59685

Kazaar 1.25.12 allows a JWT with none in the alg field...

EPSS 0.00012
Exploits: 0, References: 2
CNNVD
added 2025/10/01 12:00 a.m., 1 view

Kazaar security vulnerability

Kazaar is a print marketing fulfillment platform from Kazaar, Inc. A security vulnerability exists in Kazaar version 1.25.12 that stems from allowing the use of a JWT with an alg field of none, which could lead to authentication bypass...

CVSS 5.3, AI score 6.8, EPSS 0.00012
Exploits: 0, References: 2
RedhatCVE
added 2025/05/22 8:47 p.m., 2 views

CVE-2021-22160

If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user, including admins...

CVSS 9.8, AI score 6.9, EPSS 0.18529
Exploits: 0, References: 1
RedHat Linux
added 2025/04/28 5:31 a.m., 1 view

ceph: rhceph-container: Authentication bypass in CEPH RadosGW

A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid token...

CVSS 8.1, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 7