Back to CVE List

CVE-2026-33204

HIGH SEVERITY

CVSS Score & Metrics

Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Description

SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affected. This issue has been patched in version 1.1.1.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-400
Source
GitHub
Vendor
composer
Product
kelvinmo/simplejwt

External References

Discussion (0)

Add Comment

No comments yet. Be the first!