2 matches found
CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...
CVE-2026-50627
creationtimestamp| type| source ---|---|--- 2026-06-11 17:59:32+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mnzsjocwhy2t 2026-06-15 18:10:38+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3moduz7pfex22 2026-07-03 00:04:53+00:00| seen|...