Skip to main content

Jans

1 CVEs product

Monthly

CVE-2026-45795 MEDIUM PATCH This Month

Signature bypass in Janssen jans-auth-server's OIDC authorization request object processing allows unauthenticated remote attackers to submit JWE-wrapped authorization requests containing unsigned plain JSON payloads, circumventing the integrity guarantee that JAR (RFC 9101) is designed to enforce. Two distinct code defects enable the bypass: the server silently skips nested JWS validation when getSignedJWTPayload() returns null, and the forceSignedRequestObject enforcement fails to reject null-mapped algorithm identifiers such as RSA-OAEP (an encryption algorithm, not a signature algorithm). No public exploit code has been identified and the vulnerability is not listed in CISA KEV; it is fixed in version 2.0.0.

Jwt Attack Information Disclosure Jans
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Signature bypass in Janssen jans-auth-server's OIDC authorization request object processing allows unauthenticated remote attackers to submit JWE-wrapped authorization requests containing unsigned plain JSON payloads, circumventing the integrity guarantee that JAR (RFC 9101) is designed to enforce. Two distinct code defects enable the bypass: the server silently skips nested JWS validation when getSignedJWTPayload() returns null, and the forceSignedRequestObject enforcement fails to reject null-mapped algorithm identifiers such as RSA-OAEP (an encryption algorithm, not a signature algorithm). No public exploit code has been identified and the vulnerability is not listed in CISA KEV; it is fixed in version 2.0.0.

Jwt Attack Information Disclosure Jans
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy