Description
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.
Published: 2026-03-31
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Token forgery (untrusted JWT form)
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in the JOSE library permits an attacker to forge signed JSON Web Tokens by embedding a malicious public key in the token header and using the matching private key for signing. This bypasses normal verification because the library mistakenly accepts the header‑provided key as a valid verification candidate, even when that key is not part of the trusted key store. The result is that an unauthenticated remote actor can generate tokens that the application will accept as legitimate, enabling unauthorized privilege escalation or access to protected resources. The weakness is a broken trust model in key selection, identified as CWE‑347.

Affected Systems

Affected deployments are those using the JOSE library (appsup‑dart:jose) in versions prior to 0.3.5+1. Ecosystem components that rely on JOSE for validating JWS or JWT payloads are vulnerable until upgraded to the patched release or until the workaround is applied.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the EPSS value of less than 1% suggests low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog, indicating no widespread public exploitation to date. An attacker can achieve this by merely crafting a token with an attacker‑controlled public key in the header and providing the signed payload; no special privileges are needed on the target system. Therefore, the risk is significant for any application that accepts JOSE‑signed tokens without independent key validation.

Generated by OpenCVE AI on April 6, 2026 at 17:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the JOSE library to version 0.3.5+1 or later.
  • If an upgrade is not immediately feasible, implement a workaround: reject any token that contains a header jwk unless the jwk exactly matches a key already present in the trusted key store.
  • Verify that all token validation logic strictly uses only trusted keys, and periodically audit token handling code for other potential weaknesses.

Generated by OpenCVE AI on April 6, 2026 at 17:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-vm9r-h74p-hg97 jose vulnerable to untrusted JWK header key acceptance during signature verification
History

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:appsup-dart:jose:*:*:*:*:*:*:*:*

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Appsup-dart
Appsup-dart jose
Vendors & Products Appsup-dart
Appsup-dart jose

Tue, 31 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.
Title jose vulnerable to untrusted JWK header key acceptance during signature verification
Weaknesses CWE-347
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

Appsup-dart Jose
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-01T14:03:14.969Z

Reserved: 2026-03-26T16:22:29.034Z

Link: CVE-2026-34240

cve-icon Vulnrichment

Updated: 2026-04-01T14:03:10.575Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T16:16:33.090

Modified: 2026-04-06T15:02:26.300

Link: CVE-2026-34240

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:08:01Z

Weaknesses