CVE-2026-45795
The Janssen Project's Jans-auth-server had a JWE request object signature verification bypass prior to version 2.0.0: unsigned JWE were accepted because JwtAuthorizationRequest skipped inner signature validation when jwe.getSignedJWTPayload() was null, and AuthzRequestService.processRequestObject...