3 matches found
CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...
EUVD-2018-18619
Malware in sbrugna...
CVE-2018-6873
The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated...