Libjwt Libjwt
2 CVEs affecting Libjwt Libjwt. Latest disclosed: 2026-03-27. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-25189 | Critical | 9.8 | 2024-02-08 | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
CVE-2026-33996 | Medium | 5.5 | 2026-03-27 | LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL value wh… |