CVE-2026-55759

Rocket.Chat Apple Sign-In had a JWT claims validation bypass prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. Any Apple-signed JWT with a non-empty iss could be accepted regardless of aud, exp, nbf, or nonce, enabling replay authentication if an attacker obtains a user’s identity t...

CVE-2026-55666

Rocket.Chat vulnerable pre-versions 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13 due to a flaw in apps/meteor/app/apple/server/loginHandler.ts where handleIdentityToken parses an Apple OAuth JWT. If the JWT lacks an email, the code falls back to accepting an arbitrary email value supplie...

CVE-2026-56269

Flowise before 3.1.0 (npm package flowise;

CVE-2026-56269 Flowise - Weak Default Token Hash Secret in JWT Token Encryption

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

FUXA <= 1.2.7 - Hardcoded JWT Secret Authentication Bypass

FUXA v1.2.7 contains a hardcoded credentials vulnerability caused by use of a hard-coded secret key in server/api/jwt-helper.js, letting remote attackers forge admin tokens and bypass authentication, exploit requires no special conditions. id: CVE-2025-69971 info: name: FUXA = 1.2.7 - Hardcoded J...

CVE-2026-53928

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a stolen refresh token survived a password-forgot flow and could be used to mint fresh JWTs even after the user reset their password. passwordChange and passwordReset deleted the user's refresh tokens, but passwordForg...

CVE-2026-56265

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

CVE-2026-56265

CVE-2026-56265 affects Crawl4AI prior to 0.8.7 due to a hardcoded default JWT signing key in the Docker API server. The root cause is token forgery: an attacker who knows the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protec...

CVE-2026-56265 Crawl4AI - Authentication Bypass via Hardcoded JWT Signing Key

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability due to a hardcoded default JWT signing key in the Docker API server. Attackers who know the default key can forge valid authentication tokens for any user, bypassing authentication and gaining full access to protected...

Incorrect Authorization

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Incorrect Authorization in the userapikeyauth.py file of the M2M JWT Handler. An attacker can gain unauthorized access to resources by exploiting insufficient authorization...

CVE-2026-12771

CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK detaails identify the vulnera...

PT-2026-51224

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The Docker API server contains an authentication bypass issue caused by a hardcoded default JWT JSON Web Token signing key. A JWT is a compact, URL-safe means of representing claims to be transferre...

CVE-2026-39999 Apache APISIX: JWT Algorithm Confusion allows authentication bypass

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

CVE-2026-39999

CVE-2026-39999 is an authentication bypass in Apache APISIX caused by misconfigurations in the jwt-auth plugin. Affected versions are 2.2 through 3.16.0; the issue allows bypassing authentication via spoofed tokens. The entry is resolved by upgrading to v3.17.0, which fixes the vulnerability. Rel...

CVE-2026-50202

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

CVE-2026-50202

Summary: CVE-2026-50202 affects Steeltoe libraries: Steeltoe.Security.Authentication.CloudFoundryBase &lt; 3.4.0, Steeltoe.Security.Authentication.JwtBearer &lt; 4.2.0, and Steeltoe.Security.Authentication.OpenIdConnect

CVE-2026-48781

Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a session-shape JWT using the application's JWTSECRET, and the auth middleware trusted every claim in that JWT without re-resolving the user from...

CVE-2026-53776 Perry < 0.5.1166 JWT Expiration Bypass via verify_decode

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...

EUVD-2026-37126

Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validateexp = false in the verifydecode helper within the stdlib JWT verification path. Attackers in possession of a previously issued...