
6 matches found

ATTACKERKB
added 2026/05/28 3:07 p.m., 6 views

CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

CVSS 3.7 | AI score 5.8 | EPSS 0.00057
Exploits 0 | References 2 | Affected Software 1
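The PyJWT entry above describes a refetch-amplification pattern: the kid header is read before any signature check, so an attacker can mint tokens with arbitrary kid values and have each one turn into a JWKS fetch. The following is an added example (not PyJWT's own code) that models the vulnerable resolver beside a throttled one. The JWKS document, the HS256 secret, the counting fetcher and the injectable clock are all constructed here so the block runs offline; real deployments publish public keys rather than a symmetric "oct" key.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed JWKS with one symmetric ("oct") key. Real endpoints publish
# public keys; a symmetric key keeps this example stdlib-only.
SECRET = b"constructed-demo-secret"
JWKS = {"keys": [{"kty": "oct", "kid": "k1", "k": b64url(SECRET)}]}

class CountingFetcher:
    """Stand-in for the HTTP GET of the JWKS endpoint; counts every hit."""
    def __init__(self, jwks):
        self.jwks = jwks
        self.calls = 0

    def __call__(self):
        self.calls += 1
        return {k["kid"]: b64url_decode(k["k"]) for k in self.jwks["keys"]}

class FakeClock:
    """Injectable clock so the throttle window is deterministic."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

def make_token(kid, payload, secret=SECRET):
    """Build an HS256 JWT. The kid header is attacker-chosen in the flood."""
    header = b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64url(json.dumps(payload).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

class NaiveResolver:
    """Vulnerable pattern: every unknown kid forces a fresh JWKS fetch."""
    def __init__(self, fetcher, clock=None):
        self.fetcher = fetcher
        self.keys = {}

    def get_key(self, kid):
        if kid not in self.keys:
            self.keys = self.fetcher()
        return self.keys.get(kid)

class ThrottledResolver:
    """Hardened pattern: refresh on a miss at most once per min_refresh seconds."""
    def __init__(self, fetcher, clock, min_refresh=300.0):
        self.fetcher = fetcher
        self.clock = clock
        self.min_refresh = min_refresh
        self.keys = {}
        self.last_refresh = None

    def get_key(self, kid):
        if kid in self.keys:
            return self.keys[kid]
        now = self.clock()
        if self.last_refresh is None or now - self.last_refresh >= self.min_refresh:
            self.keys = self.fetcher()
            self.last_refresh = now
        return self.keys.get(kid)  # still None for a bogus kid; no extra fetch

def verify(token, resolver):
    """Return the payload if the signature checks out under the kid's key."""
    header, body, sig = token.split(".")
    kid = json.loads(b64url_decode(header)).get("kid")  # read before any verification
    key = resolver.get_key(kid)
    if key is None:
        return None
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))

def fetches_under_kid_flood(resolver_cls, n_tokens=50):
    """One valid token, then n_tokens with unknown kids; return JWKS fetch count."""
    fetcher = CountingFetcher(JWKS)
    resolver = resolver_cls(fetcher, FakeClock())
    verify(make_token("k1", {"sub": "alice"}), resolver)
    for i in range(n_tokens):
        verify(make_token(f"bogus-{i}", {"sub": "mallory"}, b"not-the-key"), resolver)
    return fetcher.calls
```

With 50 flood tokens the naive resolver hits the endpoint 51 times and the throttled one once; advancing the clock past min_refresh lets the throttled resolver pick up a rotated key on the next miss, so legitimate rotation still works.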
Veracode
added 2026/03/27 5:30 a.m., 5 views

Denial Of Service (DoS)

github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to a re-entry bug in the JwksFetcherImpl during failed remote JWKS fetching with multiple JWT tokens, which allows an attacker to trigger a crash by sending crafted requests that cause overlapping fetch...

CVSS 6.5 | AI score 5.9 | EPSS 0.00004
Exploits 1 | References 1 | Affected Software 1
OSV
added 2026/03/11 7:36 p.m., 2 views

CVE-2026-27478 Unity Catalog has a JWT Issuer Validation Bypass Allows Complete User Impersonation

Unity Catalog is an open, multi-modal catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to...

CVSS 9.1 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 3
OSV
added 2025/12/05 6:12 p.m., 3 views

GHSA-MP85-7MRQ-R866 Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Summary: Envoy crashes when JWT authentication is configured with remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. Details: This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS...

CVSS 6.5 | AI score 7.2 | EPSS 0.00004
Exploits 1 | References 3
Positive Technologies
added 2025/12/03 12:00 a.m., 3 views

PT-2025-48969

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.33.12 through 1.36.2. Description: Envoy, a high-performance edge/middle/service proxy, experiences crashes when JWT authentication is configured with remote JWKS fetching enabled, allow_missing_or_failed is set to true, multipl...

CVSS 6.5 | AI score 6.9 | EPSS 0.00004
Exploits 1 | References 10
CNNVD
added 2025/09/27 12:00 a.m., 1 view

get-jwks security vulnerability

get-jwks is a Nearform open source utility for obtaining JWKS keys. A security vulnerability exists in get-jwks versions prior to 11.0.2, which stems from a cache poisoning issue in the JWKS key fetching mechanism that could lead to bypassing issuer authentication...

CVSS 9.4 | AI score 9.1 | EPSS 0.00063
Exploits 0 | References 3
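The Unity Catalog and get-jwks entries above are two faces of the same mistake: letting an unverified token decide which JWKS a signature is checked against. Unity Catalog's description has the service fetching keys from whatever issuer the iss claim names; get-jwks' description is a key cache whose poisoning lets a key from one issuer satisfy a token claiming another. The block below is an added example, not code from either project and not a reproduction of their specific bugs: it models a multi-tenant verifier in both the weak and the corrected configuration. The issuers idp.example and evil.example, their "oct" keys, the fetch_jwks stub and the Verifier class are all constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Constructed tenants. The attacker controls evil.example and deliberately
# publishes a key under the same kid the trusted issuer uses.
TRUSTED = "https://idp.example"
EVIL = "https://evil.example"
SECRETS = {TRUSTED: b"trusted-issuer-secret", EVIL: b"attacker-secret"}
JWKS_BY_ISSUER = {
    iss: {"keys": [{"kty": "oct", "kid": "k1", "k": b64url(secret)}]}
    for iss, secret in SECRETS.items()
}

def fetch_jwks(issuer):
    """Stand-in for GET <issuer>/.well-known/jwks.json (no network)."""
    return JWKS_BY_ISSUER[issuer]

def make_token(iss, kid, secret, sub="alice"):
    """HS256 JWT whose iss and kid are whatever the caller (the attacker) picks."""
    header = b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64url(json.dumps({"iss": iss, "sub": sub}).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def signature_ok(token, key):
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

class Verifier:
    """allowed_issuers=None trusts whatever iss says (vulnerable);
    scoped_cache=False keys the JWKS cache by kid alone (vulnerable)."""
    def __init__(self, allowed_issuers, scoped_cache):
        self.allowed = allowed_issuers
        self.scoped = scoped_cache
        self.cache = {}

    def _cache_key(self, iss, kid):
        return (iss, kid) if self.scoped else kid

    def key_for(self, iss, kid):
        if self._cache_key(iss, kid) not in self.cache:
            for jwk in fetch_jwks(iss)["keys"]:
                self.cache[self._cache_key(iss, jwk["kid"])] = b64url_decode(jwk["k"])
        return self.cache.get(self._cache_key(iss, kid))

    def verify(self, token):
        header, body, _ = token.split(".")
        claims = json.loads(b64url_decode(body))  # unverified at this point
        iss = claims.get("iss")
        if self.allowed is not None and iss not in self.allowed:
            return None  # reject before any fetch keyed on attacker input
        key = self.key_for(iss, json.loads(b64url_decode(header)).get("kid"))
        if key is None or not signature_ok(token, key):
            return None
        return claims

def run_scenarios():
    """Return which forgeries each configuration accepts (True = bypass)."""
    # 1. Issuer taken from the token: the attacker names its own JWKS host.
    self_issued = make_token(EVIL, "k1", SECRETS[EVIL], sub="admin")
    # 2. Attacker is a registered tenant: its key gets cached under kid "k1",
    #    then a token claiming the trusted issuer reuses that cache entry.
    attacker_tenant = make_token(EVIL, "k1", SECRETS[EVIL])
    impersonation = make_token(TRUSTED, "k1", SECRETS[EVIL], sub="admin")
    unscoped = Verifier({TRUSTED, EVIL}, scoped_cache=False)
    scoped = Verifier({TRUSTED, EVIL}, scoped_cache=True)
    unscoped.verify(attacker_tenant)
    scoped.verify(attacker_tenant)
    return {
        "any_iss_accepts_self_issued": Verifier(None, True).verify(self_issued) is not None,
        "allowlist_accepts_self_issued": Verifier({TRUSTED}, True).verify(self_issued) is not None,
        "kid_only_cache_accepts_impersonation": unscoped.verify(impersonation) is not None,
        "issuer_scoped_cache_accepts_impersonation": scoped.verify(impersonation) is not None,
    }
```

The two checks a practitioner wants are visible in Verifier: compare iss against a configured allowlist before anything is fetched, and make the issuer part of the cache key so a key learned from one issuer can never satisfy a token that claims another. Neither check is expensive, and neither depends on kid being unique across issuers, which nothing in the JWK spec guarantees.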