Description
JOSE is a JSON Object Signing and Encryption (JOSE) library from appsup-dart. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat a header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround is to reject tokens whose header carries a jwk unless that jwk matches a key already present in the application's trusted key store.
Published: 2026-03-31
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: Authorization Bypass via Token Forgery
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker to produce a JSON Web Signature (JWS), and therefore a signed JSON Web Token (JWT), that the library accepts as valid, by embedding an attacker-controlled public key in the token's protected header (jwk). During verification the affected key selection may use that header key even though it is not part of the trusted key store, so a signature made with the matching private key passes. Applications are thereby tricked into treating attacker-chosen claims as authentic, which can lead to privilege escalation or unauthorized access; the weakness is classified as CWE-347 (Improper Verification of Cryptographic Signature). The impact is the loss of authentication integrity for any application that relies on an affected version for token validation.

Affected Systems

The affected product is the jose library supplied by appsup-dart, versions prior to 0.3.5+1. Applications integrating this library for JWS/JWT verification are impacted and should upgrade to 0.3.5+1 or later; until then, the workaround in the description (rejecting any header jwk that is not already in the trusted key store) applies.

Risk and Exploitability

The CVSS v3.1 base score is 7.5 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N: reachable over the network, no privileges or user interaction required, high integrity impact, no direct confidentiality or availability impact. EPSS data is not yet available and the issue is not listed in the KEV catalog, but the risk is still significant wherever JWTs govern access control. The attack is remote: the attacker submits a crafted token over whatever channel the application already accepts tokens on. Because the attacker both chooses the claims and signs them with a key the verifier will accept, a successful forgery yields whatever identity or role the application derives from the token, not merely the privileges of some existing bearer. Applications that layer their own key selection on top of the library, or that rely on the workaround instead of upgrading, must compare any header jwk against the trusted key store; merely noting that a jwk is present is not a check. The vulnerability is therefore highly actionable and warrants prompt remediation.

Generated by OpenCVE AI on March 31, 2026 at 17:24 UTC.

Remediation

Fixed in jose 0.3.5+1. Workaround for older versions: reject any token whose header carries a jwk unless that jwk matches a key already present in the application's trusted key store (see Description).

OpenCVE Recommended Actions

  • Update the jose library to version 0.3.5+1 or later.
  • If updating is not immediately possible, configure the application to reject any token that contains a jwk header unless that key matches one already in the trusted key store.
  • Ensure the trusted key store is populated only out-of-band (application configuration or keys obtained from the trusted issuer) and never from material carried in token headers, so that the only verification candidates are keys the application has chosen to trust.
  • Monitor authentication logs for anomalous token usage to detect potential exploitation attempts.

Generated by OpenCVE AI on March 31, 2026 at 17:24 UTC.
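The flawed key selection and the advisory's workaround side by side, as an added example that is not code from the jose library or from OpenCVE. It is written in Go with the standard library's Ed25519 (EdDSA JWS per RFC 8037) rather than in Dart, so the names VerifyVulnerable, VerifyFixed, selectKeys and Scenario, the headerKeyIsCandidate switch and the sample claims are constructed for illustration and do not correspond to the library's API. The vulnerable path adds the header's jwk to the verification candidates; the fixed path accepts a header jwk only when it is identical to a key already in the trusted store and otherwise yields no candidates, so the token fails.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// JWK holds the RFC 8037 OKP/Ed25519 public-key fields; X is the base64url 32-byte key.
type JWK struct {
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	X   string `json:"x"`
}

type Header struct { // protected JOSE header: every field is attacker-controlled input
	Alg string `json:"alg"`
	JWK *JWK   `json:"jwk,omitempty"`
}

func publicJWK(pub ed25519.PublicKey) JWK {
	return JWK{Kty: "OKP", Crv: "Ed25519", X: b64.EncodeToString(pub)}
}

// Sign builds a compact EdDSA JWS; hdr is serialised as given, so a caller may embed jwk.
func Sign(hdr Header, payload []byte, priv ed25519.PrivateKey) string {
	h, _ := json.Marshal(hdr)
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(payload)
	return input + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

// selectKeys is the step the advisory describes. With headerKeyIsCandidate the header's
// jwk becomes a verification key (the flaw); without it a header jwk is tolerated only
// when it already is a trusted key, otherwise no candidate is returned (the workaround).
func selectKeys(hdr Header, trusted []JWK, headerKeyIsCandidate bool) []JWK {
	if hdr.JWK == nil {
		return trusted
	}
	if headerKeyIsCandidate {
		return append(append([]JWK{}, trusted...), *hdr.JWK) // BUG: untrusted key verifies
	}
	for _, t := range trusted {
		if t == *hdr.JWK {
			return trusted
		}
	}
	return nil
}

// verify parses a compact JWS and accepts it if any selected key validates the signature.
func verify(token string, trusted []JWK, headerKeyIsCandidate bool) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	var hdr Header
	h, errH := b64.DecodeString(parts[0])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errS != nil || json.Unmarshal(h, &hdr) != nil || hdr.Alg != "EdDSA" {
		return false
	}
	input := []byte(parts[0] + "." + parts[1])
	for _, k := range selectKeys(hdr, trusted, headerKeyIsCandidate) {
		x, err := b64.DecodeString(k.X)
		if k.Kty == "OKP" && k.Crv == "Ed25519" && err == nil && len(x) == ed25519.PublicKeySize &&
			ed25519.Verify(ed25519.PublicKey(x), input, sig) {
			return true
		}
	}
	return false
}

func VerifyVulnerable(token string, trusted []JWK) bool { return verify(token, trusted, true) }
func VerifyFixed(token string, trusted []JWK) bool      { return verify(token, trusted, false) }

// Scenario: the server trusts one key; the attacker embeds their own public key as jwk.
func Scenario() (legitVulnerable, legitFixed, forgedVulnerable, forgedFixed bool) {
	serverPub, serverPriv, err1 := ed25519.GenerateKey(rand.Reader)
	attackerPub, attackerPriv, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("entropy source failed") // demo only; a service should surface this error
	}
	trusted := []JWK{publicJWK(serverPub)}
	legit := Sign(Header{Alg: "EdDSA"}, []byte(`{"sub":"alice","admin":false}`), serverPriv)
	evil := publicJWK(attackerPub) // constructed: the attacker's own public key
	forged := Sign(Header{Alg: "EdDSA", JWK: &evil}, []byte(`{"sub":"alice","admin":true}`), attackerPriv)
	return VerifyVulnerable(legit, trusted), VerifyFixed(legit, trusted),
		VerifyVulnerable(forged, trusted), VerifyFixed(forged, trusted)
}

func main() {
	lv, lf, fv, ff := Scenario()
	fmt.Printf("legit: vulnerable=%v fixed=%v | forged: vulnerable=%v fixed=%v\n", lv, lf, fv, ff)
}
```

Running it prints legit: vulnerable=true fixed=true | forged: vulnerable=true fixed=false. The forged token never touches the server's private key; it is accepted only because the flawed selection lets the token nominate its own verifier. The fixed path also pins alg to the one algorithm the store's keys are for, which is the other half of keeping the header from steering verification.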


Advisories
Source: GitHub GHSA
ID: GHSA-vm9r-h74p-hg97
Title: jose vulnerable to untrusted JWK header key acceptance during signature verification
History

Wed, 01 Apr 2026 02:15:00 +0000

First Time appeared (values added): Appsup-dart; Appsup-dart jose
Vendors & Products (values added): Appsup-dart; Appsup-dart jose

Tue, 31 Mar 2026 16:00:00 +0000

Description (values added): JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.
Title (values added): jose vulnerable to untrusted JWK header key acceptance during signature verification
Weaknesses (values added): CWE-347
References (values added): none listed
Metrics (values added): cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T15:44:23.578Z

Reserved: 2026-03-26T16:22:29.034Z

Link: CVE-2026-34240

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-31T16:16:33.090

Modified: 2026-03-31T16:16:33.090

Link: CVE-2026-34240

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:38:01Z

Weaknesses