JOSE library allows forged JWT tokens (CVE-2026-34240)

Vendor-confirmed - CVE-2026-34240 is a high authentication bypass in the JOSE library prior to 0.3.5+1 that lets any remote attacker forge arbitrary JWT tokens by embedding their own public key in the token header, undermining all signature verification. Upgrade immediately to version 0.3.5+1.

Overview

A critical vulnerability in the JOSE (Javascript Object Signing and Encryption) library allows attackers to forge trusted digital signatures. This flaw, tracked as CVE-2026-34240, undermines the core security promise of JSON Web Tokens (JWTs) and signed objects.

Vulnerability Details

In affected versions (prior to 0.3.5+1), the library’s key selection logic contains a fundamental flaw. During token verification, the system would incorrectly accept a public key embedded directly within the token’s JOSE header (a jwk parameter) as a valid verification key, even if that key was not pre-approved in the application’s trusted key store.

Since an attacker fully controls the token header, they can create a malicious token, embed their own public key, and sign the token with the corresponding private key. The vulnerable library will then use the attacker’s embedded public key to verify their own signature, incorrectly validating the token as genuine.

Impact

The impact is severe for any application using the affected JOSE library to verify JWS or JWT tokens for authentication or data integrity. An unauthenticated remote attacker could forge tokens with any payload, such as creating administrator accounts, accessing another user’s data, or bypassing authorization checks entirely. The attack requires no user interaction and has low complexity.

Remediation and Mitigation

The primary fix is to immediately upgrade the JOSE library to version 0.3.5+1.

If immediate upgrading is not possible, implement the following workaround in your application code: Configure your token verification logic to reject any token where a jwk (JSON Web Key) parameter is present in the header, unless that exact key is already found within your application’s pre-configured, trusted key store. This workaround enforces the correct security model where trust is established out-of-band, not from the token itself.

For more on the consequences of authentication bypasses, recent incidents are detailed in our breach reports.

## Security Insight

This vulnerability is a classic example of a trust boundary violation, reminiscent of past JWT library flaws like the “alg:none” issue. It highlights a persistent challenge in cryptographic library design: ensuring the verification logic strictly adheres to the principle that all inputs from an untrusted source-including header parameters-must be distrusted by default. This incident underscores the necessity for rigorous security reviews of dependency updates, even in mature security-focused libraries. Stay informed on such trends through our security news.

Further Reading

• All High Vulnerabilities
• Recent Critical Vulnerabilities
• Top Critical CVEs