CVE-2026-49852
HIGH SEVERITY
Vulnerability Description
joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)
Vulnerability Details
Published Date
Last Modified
Source: GitHub
Vendor: pip
Product: joserfc
External References
- https://github.com/authlib/joserfc/security/advisories/GHSA-gg9x-qcx2-xmrh
- https://github.com/authlib/joserfc/commit/86d00910b2b2d2d07503fee9b572906daefab7f1
- https://github.com/authlib/joserfc/blob/1ddca8f3c73ff47e3bc3ac06cb0c08a9535677ec/src/joserfc/_rfc7518/jws_algs.py#L62-L70
- https://github.com/advisories/GHSA-gg9x-qcx2-xmrh