CVE-2026-25537
CVE-2026-25537 concerns a type-confusion in the jsonwebtoken crate (Rust) prior to 10.3.0, where malformed standard claims may be treated as not present, bypassing time-based checks. Connected Fedora advisories indicate vaultwarden (Bitwarden-compatible server) updates to 1.36.0 address multiple ...