Executive Summary

CVE-2026-34950 is a vulnerability in the fast-jwt library (version 6.1.0 and earlier) related to improper handling of leading whitespace in RSA public key PEM strings during JWT algorithm detection.

The issue arises because the regex used to detect RSA public keys is anchored to the start of the string and does not trim leading whitespace. This causes the public key to be misclassified as an HMAC secret key, enabling an attacker to perform a JWT algorithm confusion attack.

In this attack, an attacker can forge JWT tokens signed with HS256 using the public key as the HMAC secret, bypassing the intended cryptographic protections and gaining unauthorized access or privileges.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows attackers to forge arbitrary JWT tokens that will be accepted by the verification process, even though they are not legitimately signed.

Specifically, if your application uses RS256 JWT tokens and the public keys contain leading whitespace, attackers can exploit this to bypass authentication or authorization controls by creating tokens with elevated privileges.

The impact includes a complete compromise of confidentiality and integrity of JWT-based authentication, potentially allowing unauthorized access to protected resources.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability arises from the presence of leading whitespace in RSA public key PEM strings used by fast-jwt versions 6.1.0 and earlier, which causes incorrect JWT algorithm detection.

To detect this vulnerability on your system, you should check if your application uses fast-jwt version 6.1.0 or earlier and if the public keys used for JWT verification contain leading whitespace characters (spaces, tabs, newlines).

You can inspect the PEM public keys for leading whitespace by extracting them from your environment, configuration files, or wherever they are stored.

Example commands to detect leading whitespace in PEM keys:

• Use grep or head to check for leading whitespace in PEM files: `head -n 1 public_key.pem | od -c` (to see if the first line starts with whitespace characters).
• Use a command to detect leading whitespace in environment variables or config files, e.g., `grep -P '^\s+' your_key_file.pem`.
• Check your package.json or lock files to confirm the fast-jwt version: `npm list fast-jwt`.

Additionally, monitor JWT verification behavior for unexpected acceptance of HS256 tokens signed with public keys, which may indicate exploitation.

Useful 0 Not Useful 0

Mitigation Strategies

Since no patched versions of fast-jwt are available for this vulnerability, immediate mitigation steps include:

• Ensure that all RSA public key PEM strings used in your application are trimmed of any leading whitespace before being processed by fast-jwt.
• Explicitly specify allowed JWT algorithms during token verification to prevent algorithm confusion attacks, for example, restrict verification to RS256 only.
• Audit your JWT verification logic to reject tokens signed with HS256 when expecting RS256 tokens.
• If possible, implement additional validation or use alternative JWT libraries that correctly handle PEM key whitespace.

These steps help prevent attackers from exploiting the vulnerability by forging tokens using the public key as an HMAC secret.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in fast-jwt allows attackers to forge arbitrary JWT payloads by exploiting an algorithm confusion attack, which can lead to unauthorized access and manipulation of sensitive data.

Such unauthorized access and data integrity breaches can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.

Specifically, the vulnerability undermines cryptographic protections intended to secure authentication tokens, potentially exposing personal or protected health information to attackers.

Useful 0 Not Useful 0