CVE-2026-33996 in libjwt
요약 (영어)
LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value when expecting to parse JSON string values. A specially crafted JWK file could exploit this behavior by using integers in places where the code expected a string. This was fixed in v3.3.0. A workaround is available. Users importing keys through a JWK file should not do so from untrusted sources. Use the `jwk2key` tool to check for validity of a JWK file. Likewise, if possible, do not use JWK files with RSA-PSS keys.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
책임이 있는
GitHub_M
예약하다
2026. 03. 24.
공개
2026. 03. 28.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 354063 | benmcollins libjwt JWK Parser 서비스 거부 | 476 | 정의되지 않음 | 공식 수정 | CVE-2026-33996 |