{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34240", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-26T16:22:29.034Z", "datePublished": "2026-03-31T15:44:23.578Z", "dateUpdated": "2026-04-01T14:03:14.969Z"}, "containers": {"cna": {"title": "jose vulnerable to untrusted JWK header key acceptance during signature verification", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/appsup-dart/jose/security/advisories/GHSA-vm9r-h74p-hg97", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/appsup-dart/jose/security/advisories/GHSA-vm9r-h74p-hg97"}, {"name": "https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d", "tags": ["x_refsource_MISC"], "url": "https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d"}], "affected": [{"vendor": "appsup-dart", "product": "jose", "versions": [{"version": "< 0.3.5+1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T15:44:23.578Z"}, "descriptions": [{"lang": "en", "value": "JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store."}], "source": {"advisory": "GHSA-vm9r-h74p-hg97", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T14:02:31.709988Z", "id": "CVE-2026-34240", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T14:03:14.969Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "jose vulnerable to untrusted JWK header key acceptance during signature verification", "source": {"advisory": "GHSA-vm9r-h74p-hg97", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "appsup-dart", "product": "jose", "versions": [{"status": "affected", "version": "< 0.3.5+1"}]}], "references": [{"url": "https://github.com/appsup-dart/jose/security/advisories/GHSA-vm9r-h74p-hg97", "name": "https://github.com/appsup-dart/jose/security/advisories/GHSA-vm9r-h74p-hg97", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d", "name": "https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T15:44:23.578Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34240", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T14:02:31.709988Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-01T14:03:10.575Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-34240", "state": "PUBLISHED", "dateUpdated": "2026-03-31T15:44:23.578Z", "dateReserved": "2026-03-26T16:22:29.034Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T15:44:23.578Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:appsup-dart:jose:*:*:*:*:*:*:*:*", "matchCriteriaId": "900F124C-8D70-47CF-BE74-3D47A796AB50", "versionEndExcluding": "0.3.5\\+1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store."}], "id": "CVE-2026-34240", "lastModified": "2026-04-06T15:02:26.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T16:16:33.090", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/appsup-dart/jose/security/advisories/GHSA-vm9r-h74p-hg97"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.3.5+1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "jose", "source": "cna", "vendor": "appsup-dart"}, "product": "jose", "vendor": "appsup-dart"}], "analysis": {"en": {"generated_at": "2026-04-06T17:44:15.839545+00:00", "value": {"mitigation_remediation": ["Upgrade the JOSE library to version 0.3.5+1 or later.", "If an upgrade is not immediately feasible, implement a workaround: reject any token that contains a header jwk unless the jwk exactly matches a key already present in the trusted key store.", "Verify that all token validation logic strictly uses only trusted keys, and periodically audit token handling code for other potential weaknesses."], "summary": {"action": "Immediate Patch", "impact": "Token forgery (untrusted JWT form)"}, "threat_synthesis": {"affected_systems": "Affected deployments are those using the JOSE library (appsup\u2011dart:jose) in versions prior to 0.3.5+1. Ecosystem components that rely on JOSE for validating JWS or JWT payloads are vulnerable until upgraded to the patched release or until the workaround is applied.", "description_and_impact": "The vulnerability in the JOSE library permits an attacker to forge signed JSON Web Tokens by embedding a malicious public key in the token header and using the matching private key for signing. This bypasses normal verification because the library mistakenly accepts the header\u2011provided key as a valid verification candidate, even when that key is not part of the trusted key store. The result is that an unauthenticated remote actor can generate tokens that the application will accept as legitimate, enabling unauthorized privilege escalation or access to protected resources. The weakness is a broken trust model in key selection, identified as CWE\u2011347.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, while the EPSS value of less than 1% suggests low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog, indicating no widespread public exploitation to date. An attacker can achieve this by merely crafting a token with an attacker\u2011controlled public key in the header and providing the signed payload; no special privileges are needed on the target system. Therefore, the risk is significant for any application that accepts JOSE\u2011signed tokens without independent key validation."}}}}, "created": "2026-03-31T19:54:05.187159+00:00", "updated": "2026-04-07T08:08:01.087579+00:00", "vendors": ["appsup-dart", "appsup-dart$PRODUCT$jose"]}