Lucene search
K

514 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-56271

Flowise before 3.1.0 affected versions 3.0.13 and earlier uses weak hardcoded default JWT secrets 'authtoken', 'refreshtoken' and default audience and issuer values 'AUDIENCE', 'ISSUER' in the enterprise passport authentication middleware packages/server/src/enterprise/middleware/passport/index.t...

9.8CVSS0.00396EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42963

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42958

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer iss but not the audience aud claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted ...

4.2CVSS6.1AI score0.00112EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

6.8CVSS6AI score0.00298EPSS
Exploits0References6Affected Software1
CVE
CVE
added 5 days ago49 views

CVE-2026-55689

OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA's OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated...

8.1CVSS6AI score0.00298EPSS
Exploits0References5Affected Software2
NVD
NVD
added 5 days ago7 views

CVE-2026-59208

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS0.00143EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59208

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42610

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-59208 n8n: Cross-Issuer Token Exchange Account Binding via Subject-Only Identity Resolution

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS0.00143EPSS
Exploits0References3
CVE
CVE
added 5 days ago13 views

CVE-2026-59208

CVE-2026-59208 affects n8n, an open-source workflow automation platform. Vulnerability: when an n8n instance is configured with more than one trusted token-exchange issuer, it could resolve external identities to local accounts using only the JWT sub claim and ignore the iss claim. This allows an...

7.6CVSS5.9AI score0.00143EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-54782 CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS0.00246EPSS
Exploits0References6
OSV
OSV
added last week7 views

GO-2026-5853 Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio

Fulcio has OIDC Discovery Redirect Following Allows SSRF and JWKS Substitution for Meta-Issuer Paths, with Kubernetes Service-Account Token Leakage in github.com/sigstore/fulcio...

5.9AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/06 5:37 a.m.6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/06 5:8 a.m.6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/06 3:54 a.m.6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
Snyk
Snyk
added 2026/07/02 10:18 p.m.6 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the OIDC discovery process when the X-Forwarded-Host header is not validated and no allowed-hosts list is configured. An attacker can manipulate the issuer and JWKS URI in the discovery document by supplying a...

8.2CVSS6AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.7 views

CVE-2026-59096

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:41 p.m.36 views

CVE-2026-59096 Dapr - OIDC Discovery Issuer and JWKS URI Injection via Unvalidated X-Forwarded-Host

Dapr Sentry's OIDC discovery endpoint derives the issuer and jwksuri of the /.well-known/openid-configuration document from the request Host, honoring an attacker-controlled X-Forwarded-Host header without validation when no allowed-hosts list is configured the default, and serves the document wi...

8.2CVSS0.00246EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:41 p.m.15 views

CVE-2026-59096

Dapr Sentry’s OIDC discovery endpoint can be poisoned: the issuer and jwks_uri in /.well-known/openid-configuration are derived from the request Host via an attacker-controlled X-Forwarded-Host when oidc-allowed-hosts is not configured, and the document is cached for one hour. This allows remote ...

8.2CVSS5.8AI score0.00246EPSS
Exploits0References4
Rows per page
Query Builder