Monthly
Algorithm allow-list bypass in PyJWT 2.9.0-2.12.1 permits an attacker who controls a registered JWK/JWKS private key to circumvent caller-enforced algorithm restrictions during JWT signature verification. The library correctly checks the token header's alg claim against the caller-supplied allow-list, but then performs the actual cryptographic verification using the algorithm bound to the PyJWK object rather than the header-declared algorithm, creating an exploitable mismatch. Specifically, the documented PyJWKClient.get_signing_key_from_jwt() flow is affected, meaning applications relying on this pattern for algorithm-restricted JWT validation may accept tokens signed with algorithms they explicitly prohibited. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
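The check-one-algorithm, verify-with-another pattern described above is easiest to see in a stripped-down verifier. The following is an added example written for this digest, not PyJWT's code: it uses HMAC algorithms as a stand-in for the JWK key types involved, and the names ToyKey, make_token, verify_mismatched and verify_hardened are constructed for illustration. verify_mismatched allow-lists the header alg but computes the tag with the algorithm bound to the key object; verify_hardened requires the header alg to be allow-listed and equal to the key's bound algorithm, and verifies with that single algorithm.

```python
import base64
import hashlib
import hmac
import json

# Toy HMAC-only JWS verifier, constructed to illustrate the allow-list /
# key-bound-algorithm mismatch. Not PyJWT's implementation.
HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class ToyKey:
    """Key object with a bound algorithm, standing in for a registered JWK (constructed)."""

    def __init__(self, kid: str, alg: str, secret: bytes) -> None:
        self.kid, self.alg, self.secret = kid, alg, secret


def _mac(alg: str, key: ToyKey, signing_input: bytes) -> bytes:
    return hmac.new(key.secret, signing_input, HMAC_DIGESTS[alg]).digest()


def make_token(payload: dict, key: ToyKey, header_alg: str, mac_alg: str) -> str:
    """Build a compact JWS. header_alg is what the header declares; mac_alg is the
    algorithm that actually computes the tag. They differ only to model a token
    whose header claims an allowed algorithm while the key is bound to another."""
    header = {"alg": header_alg, "typ": "JWT", "kid": key.kid}
    compact = json.dumps(header, separators=(",", ":")).encode()
    body = json.dumps(payload, separators=(",", ":")).encode()
    signing_input = _b64url_encode(compact) + "." + _b64url_encode(body)
    return signing_input + "." + _b64url_encode(_mac(mac_alg, key, signing_input.encode()))


def _split(token: str):
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(head_b64))
    return header, (head_b64 + "." + body_b64).encode(), _b64url_decode(sig_b64)


def verify_mismatched(token: str, key: ToyKey, allowed: set) -> bool:
    """Flawed pattern: allow-list the header alg, then verify with key.alg.
    The allow-list is consulted but never constrains the algorithm actually used."""
    header, signing_input, sig = _split(token)
    if header.get("alg") not in allowed:
        return False
    return hmac.compare_digest(_mac(key.alg, key, signing_input), sig)


def verify_hardened(token: str, key: ToyKey, allowed: set) -> bool:
    """Hardened: header alg must be allow-listed, must equal the key's bound
    algorithm, and that one algorithm is the one used for verification."""
    header, signing_input, sig = _split(token)
    alg = header.get("alg")
    if alg not in allowed or alg != key.alg or alg not in HMAC_DIGESTS:
        return False
    return hmac.compare_digest(_mac(alg, key, signing_input), sig)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    allowed = {"HS256"}
    key512 = ToyKey("k2", "HS512", secret)
    # Header claims HS256 (allowed); tag computed with the key's bound HS512.
    token = make_token({"sub": "alice"}, key512, "HS256", "HS512")
    print("flawed verifier accepts:", verify_mismatched(token, key512, allowed))
    print("hardened verifier accepts:", verify_hardened(token, key512, allowed))
```

The point of the hardened check is that the allow-list decision and the verification must refer to the same algorithm value; comparing the header alg to the key's bound alg before verifying closes the gap regardless of which object the library consults internally.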
Signature policy bypass in Red Hat Build of Keycloak's JWE request object handling allows unauthenticated remote attackers to inject unauthorized claims into the OpenID Connect authorization flow. When a JWE-encrypted request object is submitted and its decrypted content is raw JSON, Keycloak improperly skips signature verification, violating both OIDC Core and Financial-grade API (FAPI) signing requirements. No public exploit code exists at time of analysis, but the integrity-only impact (CVSS I:H) is directly relevant to authorization trust boundaries, making this high-priority for FAPI-compliant or financial-sector Keycloak deployments.
Arbitrary root code execution in Phoenix Contact PLCnext Control devices (all firmware before 2026.0.3) is reachable by an authenticated low-privileged Engineer user who installs APP packages from the PLCnext Store through the Web-based Management (WBM) interface. Because the device never verifies the integrity or signature of the downloaded app (CWE-347, tagged JWT Attack), a tampered package runs as root and can compromise the integrity and availability of the controller. No public exploit is identified at time of analysis and EPSS is low (0.06%, 18th percentile), but the flaw is network-reachable with low attack complexity and a vendor patch (2026.0.3) is available.
Unauthenticated agent token theft in Coder v2 (self-hosted developer workspace platform) stems from azureidentity.Validate() verifying the PKCS#7 signer's certificate chain but skipping signature verification of the signed content itself. Remote attackers who know a target VM's vmId (a UUIDv4) can forge a PKCS#7 envelope containing a legitimate Azure certificate alongside attacker-controlled content and POST it to the unauthenticated /api/v2/workspaceagents/azure-instance-identity endpoint to receive the victim workspace agent's session token, which then unlocks Git SSH keys, OAuth tokens for GitHub/GitLab/Bitbucket, and workspace secrets. No public exploit identified at time of analysis, but the vulnerability is vendor-confirmed via GHSA-6x44-w3xg-hqqf and a detailed root-cause analysis with attack-path diagram is published.
Authentication bypass in epa4all-client allows MITM attackers positioned within the TI (Telematikinfrastruktur) network to capture SMC-B-signed authentication material by substituting a forged OIDC discovery document. The vulnerability affects all versions prior to 1.2.2 and requires the attacker to intercept TLS connections between the client and Identity Provider. No public exploit identified at time of analysis.
Zen Browser's auto-update mechanism delivered unsigned code to all users due to deliberately removed MAR signature verification inherited from Firefox. The browser shipped with Mozilla's updater binary stripped of all cryptographic verification code and served update packages containing zero cryptographic signatures. Compromise of the update server or GitHub Actions pipeline allowed arbitrary code execution on all Zen installations without cryptographic chain-of-trust protection. Version 1.19.9b restores MAR signing with RSA-4096 keys and certificate verification in the updater binary.
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhook request. This allows an unauthenticated attacker to spoof SNS events to trigger workflow automations, unsubscribe contacts, manipulate email delivery metrics, and potentially exhaust billing credits. This issue has been patched in version 0.9.0.
Signature verification bypass in bitcoinj-core library allows attackers to forge Bitcoin transaction validations by exploiting fast-path optimization flaws in P2PKH and P2WPKH script execution. Versions 0.15 through 0.17.0 fail to verify that attacker-supplied public keys match the hash committed to in transaction outputs, enabling arbitrary keypairs to satisfy local transaction validation checks. While this does not affect SPV (Simple Payment Verification) nodes that follow proof-of-work without signature verification, applications using the correctlySpends() method for transaction validation or pre-signing checks are vulnerable to accepting fraudulent transactions. Vendor-released patch available in version 0.17.1, fixes confirmed in GitHub commits 2bc5653c and b575a682. No active exploitation confirmed (not in CISA KEV); EPSS data unavailable.
Consensus divergence in Zebra 4.3.1 enables blockchain network partitioning through crafted transparent transactions with invalid sighash types. Insufficient error handling at the Rust-to-C++ FFI boundary causes Zebra to incorrectly accept transactions with undefined hash types by reusing stale buffer data from prior valid signature checks, while zcashd correctly rejects these transactions. Attackers can exploit this by chaining OP_CHECKSIGVERIFY with OP_CHECKSIG opcodes using invalid hash types to trigger acceptance on Zebra nodes but rejection on zcashd nodes, creating a consensus split that could enable double-spend attacks. Vendor-released patch: 4.4.0. No public exploit identified at time of analysis, but the technical mechanism is fully disclosed in the GitHub advisory GHSA-gq4h-3grw-2rhv.
The Go toolchain's module proxy validation can be bypassed by attackers controlling untrusted GOPROXY or GOSUMDB endpoints, allowing delivery of malicious toolchain versions that execute with developer privileges. When the go command downloads a different toolchain version (via GOTOOLCHAIN, go.mod, or go.work directives), a malicious proxy can serve altered toolchains by exploiting checksum database validation logic that incorrectly accepts empty responses. While EPSS indicates only 1% exploitation probability and CISA SSVC marks exploitation status as 'none', the total technical impact rating and network attack vector (AV:N) represent significant supply chain risk for organizations using non-default module proxies. Vendor patch available in Go 1.26.3 and 1.25.10.