Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
6DescriptionGitHub Advisory
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.
AnalysisAI
JWT token forgery in appsup-dart/jose library (versions prior to 0.3.5+1) enables remote attackers to bypass authentication by embedding attacker-controlled public keys in JOSE headers. The library incorrectly accepts header-supplied 'jwk' parameters as trusted verification keys without validating they exist in the application's trusted keystore, allowing unauthenticated attackers to sign arbitrary tokens with their own key pairs. EPSS data not available; no public exploit identified at time of analysis, though exploitation requires only standard JWT manipulation tools.
Technical ContextAI
JOSE (JavaScript Object Signing and Encryption) libraries implement RFC 7515-7518 standards for JWT token verification. This vulnerability (CWE-347: Improper Verification of Cryptographic Signature) affects the appsup-dart/jose Dart implementation. During JWS/JWT signature verification, the library's key selection logic improperly treats the 'jwk' (JSON Web Key) parameter in the JOSE header as a valid verification candidate. JOSE headers are user-controlled input transmitted with each token, making them untrusted data. The library fails to enforce a critical security boundary: verification keys must come exclusively from the application's pre-configured trusted keystore, never from token headers. This allows algorithmic confusion where the attacker dictates which key verifies their signature, fundamentally breaking the trust model of asymmetric cryptography in authentication systems.
RemediationAI
Upgrade to appsup-dart/jose version 0.3.5+1 or later, which implements proper key validation to reject header-supplied jwk parameters that do not match trusted keystore entries. The fix is available via the GitHub commit at https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d. For environments unable to immediately upgrade, implement application-layer validation to reject any JWT tokens containing a 'jwk' parameter in the JOSE header, or verify that any header-supplied jwk cryptographically matches a key already present in your application's trusted key configuration. Review authentication logs for anomalous token validations that may indicate exploitation attempts prior to patching.
More in Jwt Attack
View allWhy is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update
Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work
The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t
cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote
Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17498
GHSA-vm9r-h74p-hg97