Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

fast-jwt — Vulnerabilities & Security Advisories 7

All 7 CVE vulnerabilities found in fast-jwt, with AI-generated Chinese analysis, references, and POCs.

Vendor: nearform

CVE IDTitleCVSSSeverityPublished
CVE-2026-35041 ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification CWE-1333 4.2 Medium2026-04-09
CVE-2026-35040 fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS) CWE-697 5.3 Medium2026-04-09
CVE-2026-35042 fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) CWE-345 7.5 High2026-04-06
CVE-2026-35039 fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup) CWE-345 9.1 Critical2026-04-06
CVE-2026-34950 fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key CWE-327 9.1 Critical2026-04-06
CVE-2025-30144 Fast-JWT Improperly Validates iss Claims CWE-345 6.5 Medium2025-03-19
CVE-2023-48223 fast-jwt JWT Algorithm Confusion CWE-20 5.9 Medium2023-11-20

All 7 known CVE vulnerabilities affecting fast-jwt with full Chinese analysis, references, and POCs where available.