57 matches found

AstraLinux
added 2026/05/20 5:53 a.m.

Astra Linux - vulnerability in ceph

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and earlier, it is possible to send a JWT with “none” as its JWT algorithm. By doing this, the JWT signature is not checked. The vulnerability lies most likely in the RadosGW OIDC provider. As of the time of...

CVSS 8.1, AI score 7.1, EPSS 0.00043
Exploits: 0, References: 2
NVD
added 2026/04/08 8:16 p.m.

CVE-2026-39413

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...

CVSS 6.5, EPSS 0.00018
Exploits: 1, References: 2
Vulnrichment
added 2026/04/08 7:41 p.m.

CVE-2026-39413 LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...

CVSS 4.2, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 1
GithubExploit
added 2026/04/08 5:45 a.m.

jwt-exploit-toolkit

JWT Exploit Toolkit (Python)...

AI score 5.9
Exploits: 0
OSV
added 2026/04/08 12:17 a.m.

GHSA-8FFJ-4HX4-9PGF lightrag-hku: JWT Algorithm Confusion Vulnerability

Summary The LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none' algorithm, a crafted token without a signature will be accepted as valid,...

CVSS 4.2, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 4
Github Security Blog
added 2026/04/08 12:17 a.m.

lightrag-hku: JWT Algorithm Confusion Vulnerability

Summary The LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none' algorithm, a crafted token without a signature will be accepted as valid,...

CVSS 6.5, AI score 6, EPSS 0.00018
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2026/04/08 12:00 a.m.

LightRAG data forgery vulnerability

LightRAG is an open-source retrieval-augmented generation application developed by the Data Intelligence Laboratory at the University of Hong Kong (HKU). Versions of LightRAG prior to 1.4.14 contained a data manipulation vulnerability caused by JWT algorithm confusion attacks. This vulnerability...

CVSS 6.5, AI score 5.7, EPSS 0.00018
Exploits: 1, References: 2
GithubExploit
added 2026/03/13 7:15 p.m.

Exploit for CVE-2026-29000

CVE-2026-29000: pac4j-jwt Authentication Bypass POC This repo...

CVSS 9.3, AI score 5.8, EPSS 0.00039
Exploits: 17
SUSE CVE
added 2026/03/07 12:25 a.m.

SUSE CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application co...

CVSS 9.8, AI score 5.8, EPSS 0.00019
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/06 6:44 a.m.

CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application co...

CVSS 8.7, AI score 5.8, EPSS 0.00019
Exploits: 1, References: 4, Affected Software: 1
UbuntuCve
added 2026/03/06 12:00 a.m.

CVE-2026-28802

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature were passing the signature verification step without any changes to the application co...

CVSS 9.8, AI score 7.1, EPSS 0.00019
Exploits: 1, References: 4
Positive Technologies
added 2026/03/04 12:00 a.m.

PT-2026-23089

Name of the Vulnerable Software and Affected Versions: Authlib versions 1.6.5 through 1.6.7. Description: Authlib, a Python library for building OAuth and OpenID Connect servers, had a flaw in signature verification. Specifically, tests involving a malicious JWT with 'alg: none' and an empty signatu...

CVSS 9.8, AI score 5.8, EPSS 0.00019
Exploits: 1, References: 13
CVE
added 2026/02/25 11:48 p.m.

CVE-2026-27804

Parse Server versions prior to 8.6.3 and 9.1.1-alpha.4 are vulnerable to unauthenticated login via forged Google tokens (alg: none). The root cause is trusting the JWT header for algorithm selection; the fix hardcodes RS256 and shifts key validation to jwks-rsa, rejecting unknown key IDs. Affecte...

CVSS 9.3, AI score 5.5, EPSS 0.00039
Exploits: 0, References: 5, Affected Software: 1
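The LightRAG, Authlib, Parse Server and python-jose entries in this list describe one defect: the verifier takes the algorithm from the attacker-controlled JWT header, and "none" short-circuits signature checking, so a token with an empty signature part and arbitrary claims (e.g. is_admin=true) is accepted. The Python below is an added example and is not code from any of those projects. It models HS256 with the standard library's hmac, uses a constructed key (DEMO_KEY), and its function names are illustrative. It places a verifier that dispatches on the header (decode_vulnerable) next to one that pins a server-side algorithm allowlist (decode_hardened), which is the same shape as the Parse Server fix that hardcodes RS256.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for this example; a real service loads its key from config.
DEMO_KEY = b"constructed-demo-hmac-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a legitimately signed token (what the server hands out after login)."""
    signing_input = f"{_encode_part({'alg': 'HS256', 'typ': 'JWT'})}.{_encode_part(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def forge_unsigned(claims: dict, alg: str = "none") -> str:
    """Attacker side: header says 'none', payload is arbitrary, signature part is empty."""
    return f"{_encode_part({'alg': alg, 'typ': 'JWT'})}.{_encode_part(claims)}."


def _split(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    return parts


def _check_hs256(h: str, p: str, s: str, key: bytes) -> None:
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")


def decode_vulnerable(token: str, key: bytes) -> dict:
    """Dispatches on the header's alg, the pattern behind the advisories on this page.
    'none' skips verification entirely, so any unsigned payload is accepted."""
    h, p, s = _split(token)
    alg = json.loads(_b64url_decode(h)).get("alg")
    if alg == "none":
        return json.loads(_b64url_decode(p))  # no cryptographic check at all
    if alg == "HS256":
        _check_hs256(h, p, s, key)
        return json.loads(_b64url_decode(p))
    raise ValueError(f"unsupported alg {alg!r}")


def decode_hardened(token: str, key: bytes, allowed_algs=("HS256",)) -> dict:
    """The server, not the token, decides the algorithm. Anything outside the
    allowlist (including 'none', 'None', 'NONE') is rejected before verification."""
    h, p, s = _split(token)
    alg = json.loads(_b64url_decode(h)).get("alg")
    if alg not in allowed_algs:
        raise ValueError(f"alg {alg!r} not allowed")
    _check_hs256(h, p, s, key)  # only HS256 is in the allowlist in this example
    return json.loads(_b64url_decode(p))


def accepts(decoder, token: str, key: bytes = DEMO_KEY) -> bool:
    """True if the given verifier accepts the token, False if it raises ValueError."""
    try:
        decoder(token, key)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run both verifiers against a genuine token and a forged alg=none token."""
    genuine = sign_hs256({"sub": "alice", "is_admin": False}, DEMO_KEY)
    forged = forge_unsigned({"sub": "alice", "is_admin": True})
    results = {
        "genuine_vulnerable": decode_vulnerable(genuine, DEMO_KEY)["is_admin"],
        "genuine_hardened": decode_hardened(genuine, DEMO_KEY)["is_admin"],
        "forged_vulnerable": decode_vulnerable(forged, DEMO_KEY)["is_admin"],
    }
    try:
        decode_hardened(forged, DEMO_KEY)
        results["forged_hardened"] = "accepted"
    except ValueError as exc:
        results["forged_hardened"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Running it shows the forged is_admin=true token accepted by the vulnerable path and rejected by the hardened one. The check to make on a real code base is the same as the fix above: find the decode/verify call and confirm it receives an explicit algorithm allowlist chosen by the server (for PyJWT, jwt.decode(token, key, algorithms=["HS256"])) rather than letting the header select the algorithm, and that "none" is not in that list.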
Github Security Blog
added 2026/01/09 7:39 p.m.

jose-swift has JWT Signature Verification Bypass via None Algorithm

Summary An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling...

AI score 7.4
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/01/09 7:39 p.m.

GHSA-88Q6-JCJG-HVMW jose-swift has JWT Signature Verification Bypass via None Algorithm

Summary An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling...

CVSS 9.3, AI score 5.7
Exploits: 0, References: 5
EUVD
added 2026/01/09 7:39 p.m.

EUVD-2026-1693

jose-swift has JWT Signature Verification Bypass via None Algorithm...

AI score 6.5
Exploits: 0, References: 2
GitLab Advisory Database
added 2026/01/09 12:00 a.m.

jose-swift has JWT Signature Verification Bypass via None Algorithm

An authentication bypass vulnerability allows any unauthenticated attacker to forge arbitrary JWT tokens by setting "alg": "none" in the token header. The library's verification functions immediately return true for such tokens without performing any cryptographic verification, enabling complete...

AI score 7.4
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2025/10/10 12:00 a.m.

CVE-2025-61152

python-jose through 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims, e.g. isadmin=true, and bypass authentication checks, leading to privilege escalation or unauthoriz...

AI score 6.6, EPSS 0.00068
Exploits: 0, References: 3
CVE
added 2025/10/10 12:00 a.m.

CVE-2025-61152

The vulnerability CVE-2025-61152 affects python-jose up to version 3.3.0. It allows JWT tokens signed with alg=none to be decoded and accepted without cryptographic signature verification, enabling a forged token with arbitrary claims (e.g., is_admin=true) and bypassing authentication in applicat...

CVSS 6.5, AI score 6.6, EPSS 0.00068
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m.

EUVD-2025-32012

Malicious code in bioql PyPI...

AI score 6.6, EPSS 0.00012
Exploits: 0, References: 4