CVE-2026-34240 in jose
Summary
by MITRE • 03/31/2026
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/31/2026
The vulnerability identified as CVE-2026-34240 affects the JOSE JavaScript library, which implements standards for JavaScript Object Signing and Encryption including JSON Web Signatures and JSON Web Tokens. This security flaw represents a critical weakness in the library's token verification process that could enable remote attackers to bypass authentication mechanisms. The vulnerability stems from improper key validation logic within the JOSE library's handling of JSON Web Key (jwk) parameters in the token header. When processing JWS/JWT tokens, the library fails to properly validate whether the public key specified in the jwk header parameter originates from a trusted source, creating an opportunity for attackers to manipulate the verification process through crafted tokens.
The technical implementation flaw occurs in the key selection algorithm where the JOSE library treats any jwk parameter present in the token header as a potential verification candidate regardless of its authenticity or trustworthiness. This behavior violates fundamental security principles of key management and trust validation. The vulnerability specifically manifests when applications rely on the library's default token verification behavior without implementing additional validation checks. An attacker can exploit this by creating a malicious token with a forged payload, embedding a custom public key in the jwk header field, and signing it with the corresponding private key. Since the library accepts this embedded key without verification against a trusted key store, it accepts the forged signature as valid, effectively bypassing authentication controls.
This vulnerability has significant operational impact on systems relying on JOSE for token-based authentication and authorization. Applications using affected library versions become susceptible to unauthorized access and privilege escalation attacks, as attackers can generate valid tokens for any user or role by simply providing their own key pair in the token header. The attack vector is particularly dangerous because it requires no prior knowledge of existing keys or system credentials, making it a sophisticated bypass mechanism. The vulnerability affects the core security model of JWT-based authentication systems, potentially allowing attackers to impersonate legitimate users, access restricted resources, and perform unauthorized operations within the affected applications.
The patch for CVE-2026-34240 in version 0.3.5+1 addresses this issue by implementing proper key validation logic that ensures jwk parameters in token headers are verified against the application's trusted key store before being considered for signature verification. Security practitioners should immediately update to this patched version or implement the recommended workaround of rejecting tokens containing jwk headers unless those keys are explicitly validated against the trusted key store. This vulnerability aligns with CWE-295 which addresses improper certificate validation, and relates to ATT&CK technique T1566.001 for credential access through social engineering and T1548.002 for privilege escalation through legitimate credentials. Organizations should conduct comprehensive security assessments of all systems using the JOSE library, review token handling logic, and implement additional monitoring for suspicious authentication patterns that could indicate exploitation attempts. The vulnerability demonstrates the critical importance of proper key management practices and the dangers of trusting unvalidated input parameters in cryptographic operations.