Vulnerability in Benmcollins Libjwt
CVE-2026-44699
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to ru…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.000 (8.2th percentile) — read the EPSS interpretation.
Affected products
- Benmcollins Libjwt — versions >= 3.0.0, < 3.3.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)