Skip to main content

Jwt Attack CVE-2026-40070

| EUVDEUVD-2026-20996 HIGH
Improper Verification of Cryptographic Signature (CWE-347)
2026-04-09 GitHub_M GHSA-hc36-c89j-5f4j
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

5
Re-analysis Queued
Apr 24, 2026 - 17:07 vuln.today
cvss_changed
Patch released
Apr 10, 2026 - 02:30 nvd
Patch available
EUVD ID Assigned
Apr 09, 2026 - 18:15 euvd
EUVD-2026-20996
Analysis Generated
Apr 09, 2026 - 18:15 vuln.today
CVE Published
Apr 09, 2026 - 17:26 nvd
HIGH 8.1

DescriptionGitHub Advisory

BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate contents. In acquisition_protocol: 'direct', the caller supplies all certificate fields (including signature:) and the record is written to storage verbatim. In acquisition_protocol: 'issuance', the client POSTs to a certifier URL and writes whatever signature the response body contains, also without verification. An attacker who can reach either API (or who controls a certifier endpoint targeted by the issuance path) can forge identity certificates that subsequently appear authentic to list_certificates and prove_certificate.

AnalysisAI

Signature verification bypass in BSV Ruby SDK versions 0.3.1 through 0.8.1 allows authenticated attackers to forge blockchain identity certificates. The WalletClient#acquire_certificate method persists certificates without validating certifier signatures in both 'direct' acquisition (where attackers supply all fields including forged signatures) and 'issuance' protocols (where malicious certifier endpoints inject invalid signatures). Forged certificates appear authentic to list_certificates and prove_certificate operations, enabling impersonation attacks. CVSS 8.1 (AV:N/AC:L/PR:L/UI:N) reflects network-accessible exploitation requiring low-privilege authentication. No public exploit identified at time of analysis.

Technical ContextAI

Root cause is improper certificate validation (CWE-347) in certificate acquisition logic. Direct protocol accepts caller-supplied signature fields without cryptographic verification; issuance protocol trusts remote certifier responses blindly. Missing signature validation occurs before storage persistence, allowing forged certificates to contaminate wallet state and subsequently pass authenticity checks in certificate listing/proving operations.

RemediationAI

Vendor-released patch: upgrade to BSV Ruby SDK version 0.8.2 or later, which implements cryptographic signature verification before certificate persistence. The fix is delivered via commit 4992e8a265fd914a7eeb0405c69d1ff0122a84cc merged in PR #306. Organizations unable to upgrade immediately should disable certificate acquisition APIs or implement external signature validation layers. Audit existing certificate stores for potentially forged records created between initial deployment and patch application. Official advisory and technical details: https://github.com/sgbett/bsv-ruby-sdk/security/advisories/GHSA-hc36-c89j-5f4j. Implementation reference: https://github.com/sgbett/bsv-ruby-sdk/pull/306. BSV certificate specification context: https://brc.dev/52.

CVE-2013-3900 MEDIUM
5.5 Dec 11

Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update

CVE-2026-48558 CRITICAL POC
9.5 Jun 12

Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke

CVE-2025-59718 CRITICAL
9.8 Dec 09

Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to

CVE-2025-25291 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2025-25292 CRITICAL POC
9.3 Mar 12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS

CVE-2022-25898 CRITICAL POC
9.8 Jul 01

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT

CVE-2024-42004 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti

CVE-2024-41145 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27

CVE-2024-41138 CRITICAL POC
9.8 Dec 18

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work

CVE-2024-45409 CRITICAL POC
9.8 Sep 10

The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t

CVE-2022-35929 CRITICAL POC
9.8 Aug 04

cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote

CVE-2022-31053 CRITICAL POC
9.8 Jun 13

Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)

Share

CVE-2026-40070 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy