Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2026/04/06 4:59 p.m.3 views

CVE-2026-35039 fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

9.1CVSS5.8AI score0.00212EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/06 4:59 p.m.26 views

CVE-2026-35039 fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

9.1CVSS0.00212EPSS
Exploits0References2
CVE
CVE
added 2026/04/06 4:59 p.m.42 views

CVE-2026-35039

CVE-2026-35039 — fast-jwt cacheKeyBuilder collision leads to identity/authorization mixups Multiple connected sources describe a cache-confusion vulnerability in fast-jwt where a user-supplied cacheKeyBuilder can fail to produce unique keys for different tokens. When caching is enabled, two disti...

9.1CVSS5.9AI score0.00212EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder