4 matches found

Vulnrichment
added 2026/06/12 8:55 a.m., 6 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

AI score: 5.2, EPSS: 0.00418
Exploits: 0, References: 1

Cvelist
added 2026/06/12 8:55 a.m., 36 views

CVE-2026-50627 Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' Audience claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users...

EPSS: 0.00418
Exploits: 0, References: 1

Positive Technologies
added 2026/06/12 12:0 a.m., 14 views

PT-2026-48846

Name of the Vulnerable Software and Affected Versions:
Apache CXF versions prior to 4.2.2
Apache CXF versions prior to 4.1.7

Description:
The JwtAccessTokenValidator class fails to validate the aud Audience claims of incoming JWT access tokens. This flaw enables a JWT issued for one Resource Server...

CVSS: 9.1, AI score: 5.2, EPSS: 0.00418
Exploits: 0, References: 7

RedhatCVE
added 2025/12/18 10:37 p.m., 4 views

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

CVSS: 6.8, AI score: 6.9, EPSS: 0.00368
Exploits: 0, References: 1