External risk intelligence

LibJWT can be tricked into accepting fake tokens, allowing attackers to bypass security controls.

CVE advisory

Severity: CRITICAL (CVSS 9.1)

CVE-2026-44699

LibJWT can be tricked into accepting fake tokens, allowing attackers to bypass security on internet-facing applications without needing any secret keys.

Halo Surface Signal score for CVE-2026-44699 (external exposure likelihood): 4

Category: Authentication Bypass

LibJWT is a library used to handle JWT authentication and token verification within web applications and APIs. Since these components are essential for authenticating users at the perimeter of internet-facing services, the vulnerable code path is commonly exposed to network-based inputs in typical web service deployments.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in the LibJWT library allows an attacker to forge valid security tokens without needing any secret keys. It happens when an RSA key is accepted without a specified algorithm, so a token whose header claims an HMAC algorithm is checked against that key as if it were a symmetric secret, and verification succeeds where it should fail. This is a serious concern for applications that load RSA keys from external sources and then rely on the token's header to determine the verification method.

  • Bypasses authentication.
  • Affects applications verifying tokens.
  • Can be exploited remotely.

Attack Path

How an attacker could exploit the issue

An attacker could forge a valid JSON Web Token (JWT) by exploiting an algorithm confusion vulnerability in LibJWT. This attack targets applications that improperly handle RSA keys when verifying tokens signed with symmetric algorithms like HS256. By sending a specially crafted JWT, an attacker can bypass authentication without needing any secret or private keys.

  • No prior authentication needed.
  • Targets verification logic.
  • Affected configuration: RSA keys loaded from a JWKS without an `alg` parameter.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows attackers to forge JWTs without knowing any secrets by exploiting an algorithm confusion when RSA keys are used for HS256/HS384/HS512 token verification. It impacts applications that accept JWK keys without an `alg` parameter and then use the header's `alg` for verification, a common practice. While a fix is available, the potential for widespread exploitation in authentication systems makes it a significant concern.

  • No public exploits observed.
  • KEV listing is not present.
  • Fix is available.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching LibJWT to version 3.3.3 or later for applications that use RSA JWKs with omitted `alg` parameters for token verification. If immediate patching is not feasible, implement strict validation of the `alg` parameter within JWT headers to prevent algorithm confusion.

  • Update libjwt to 3.3.3.
  • Validate JWT header `alg` parameter.
  • Monitor for forged tokens.
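The "validate the header `alg`" mitigation and the "monitor for forged tokens" action can be implemented as a single pre-verification gate. The example below is added here and is not LibJWT code or part of the advisory: it parses the unverified JOSE header only to select a key and decide whether the claimed `alg` is permissible for that key's type (a JWK that omits `alg` is constrained by its `kty`, never by the token header), and returns a reason string suitable for logging rejected tokens. Signature verification still has to follow, using the key's algorithm rather than the header's. The JWKS, key IDs, and tokens are constructed sample data with placeholder key material.

```python
"""Pre-verification gate for the JWT header `alg` claim.

Added example, not LibJWT code. Assumes compact JWS tokens and JWK-format
keys; the JWKS and tokens below are constructed with placeholder material.
"""
import base64
import json

# Algorithms a key of a given JWK "kty" may legitimately be used with.
# A JWK that omits "alg" is bounded by its key type, never by the token.
ALGS_BY_KTY = {
    "RSA": {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"},
    "EC": {"ES256", "ES384", "ES512"},
    "oct": {"HS256", "HS384", "HS512"},
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, as JWT segments are."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unverified_header(token: str) -> dict:
    """Parse the JOSE header without trusting it: it is used only to pick
    the key and to screen `alg` before any signature check runs."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header


def allowed_algs(jwk: dict) -> set:
    """A JWK that pins `alg` permits only that algorithm; otherwise fall
    back to the set implied by its key type."""
    if "alg" in jwk:
        return {jwk["alg"]}
    return ALGS_BY_KTY.get(jwk.get("kty"), set())


def check_alg(token: str, jwks: dict) -> tuple:
    """Return (True, "ok") if the header alg is acceptable for the selected
    key, else (False, reason). The reason is meant to be logged so that
    header/key mismatches (the pattern in this advisory) are visible."""
    try:
        header = unverified_header(token)
    except (ValueError, UnicodeDecodeError) as exc:
        return False, f"malformed token: {exc}"
    alg = header.get("alg")
    if not isinstance(alg, str) or alg.lower() == "none":
        return False, "missing or 'none' alg"
    kid = header.get("kid")
    key = next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)
    if key is None:
        return False, f"unknown kid {kid!r}"
    permitted = allowed_algs(key)
    if alg not in permitted:
        return False, (f"alg {alg} not permitted for kty={key.get('kty')} "
                       f"key {kid!r} (allowed: {sorted(permitted)})")
    return True, "ok"


# Constructed JWKS: an RSA key with no "alg" (the configuration the advisory
# describes) and an HMAC key that pins HS256. Key material is a placeholder.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "kid": "rsa-1", "n": "PLACEHOLDER", "e": "AQAB"},
        {"kty": "oct", "kid": "hmac-1", "alg": "HS256", "k": "PLACEHOLDER"},
    ]
}


def make_token(header: dict) -> str:
    """Build a compact JWS with dummy payload and signature segments; it is
    only good for exercising the header gate, not for verification."""
    payload = b64url_encode(b'{"sub":"test"}')
    return ".".join([b64url_encode(json.dumps(header).encode()), payload, "sig"])


if __name__ == "__main__":
    for hdr in ({"alg": "HS256", "kid": "rsa-1"},   # header/key mismatch
                {"alg": "RS256", "kid": "rsa-1"},   # consistent with RSA key
                {"alg": "none", "kid": "rsa-1"},    # unsigned, always rejected
                {"alg": "HS256", "kid": "hmac-1"}): # consistent with oct key
        print(hdr, "->", check_alg(make_token(hdr), SAMPLE_JWKS))
```

Deploy the gate in front of the library call that verifies the signature, and pass the library the algorithm derived from the key (`allowed_algs`) rather than the one read from the header. The rejection reason is the signal to alert on: an HS* header arriving for a kid that maps to an RSA key is the exact shape of a forgery attempt against this weakness, whether or not the library in use is patched.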

Frequently asked questions

What is LibJWT and its function in web security?

LibJWT is a C library designed for managing JSON Web Tokens (JWTs). It enables applications to create and validate these tokens, which are frequently used to securely exchange information between parties as a JSON object, commonly in authentication and authorization processes for web applications and APIs.

How does CVE-2026-44699 permit token forgery?

CVE-2026-44699 is an algorithm-confusion vulnerability where LibJWT accepts an RSA key for verifying symmetric tokens (like HS256) without algorithm validation. This allows HMAC verification with a zero-length key, enabling an attacker to forge a valid JWT without possessing any secret or private RSA key.

What specific weakness allows attackers to bypass authentication?

The vulnerability stems from an algorithm confusion flaw (CWE-327, CWE-347). LibJWT improperly handles RSA keys for symmetric token verification (HS256/HS384/HS512) when the key lacks an algorithm parameter. This oversight leads to a bypass of authentication controls.

What is the relevance of CVE-2026-44699 to security systems?

This vulnerability is relevant because it allows attackers to forge JWTs, bypassing authentication without needing any secrets or private keys. It affects applications that load RSA keys from JWKS where the algorithm is omitted, a common configuration, and then use the JWT header to determine the verification algorithm, potentially exposing systems to unauthorized access.

What is the recommended remediation for this vulnerability?

The recommended fix is to update LibJWT to version 3.3.3 or later. If immediate patching is not possible, applications should implement stringent validation of the `alg` parameter within JWT headers to prevent algorithm confusion and potential token forgery.
