Skip to main content

Steeltoe Security Authentication Jwtbearer

1 CVEs product

Monthly

CVE-2026-50202 NuGet MEDIUM PATCH GHSA This Month

Cross-authority JWT signing key confusion in Steeltoe authentication libraries allows tokens issued by one identity provider to be accepted by application schemes configured for a different authority. Affected are CloudFoundryBase prior to 3.4.0, JwtBearer prior to 4.2.0, and OpenIdConnect prior to 4.2.0 when deployed in multi-scheme configurations. No public exploit has been identified at time of analysis; vendor patches are available and no CISA KEV listing exists.

Information Disclosure Steeltoe Security Authentication Cloudfoundrybase Steeltoe Security Authentication Jwtbearer Steeltoe Security Authentication Openidconnect
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Cross-authority JWT signing key confusion in Steeltoe authentication libraries allows tokens issued by one identity provider to be accepted by application schemes configured for a different authority. Affected are CloudFoundryBase prior to 3.4.0, JwtBearer prior to 4.2.0, and OpenIdConnect prior to 4.2.0 when deployed in multi-scheme configurations. No public exploit has been identified at time of analysis; vendor patches are available and no CISA KEV listing exists.

Information Disclosure Steeltoe Security Authentication Cloudfoundrybase Steeltoe Security Authentication Jwtbearer +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy