CVE-2026-34950
Regex Bypass in fast-jwt Enables JWT Algorithm Confusion
Publication date: 2026-04-06
Last updated on: 2026-04-22
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nearform | fast-jwt | to 6.2.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in fast-jwt allows attackers to forge arbitrary JWT payloads by exploiting an algorithm confusion attack, which can lead to unauthorized access and manipulation of sensitive data.
Such unauthorized access and data integrity breaches can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over data confidentiality and integrity.
Specifically, the vulnerability undermines cryptographic protections intended to secure authentication tokens, potentially exposing personal or protected health information to attackers.
Can you explain this vulnerability to me?
CVE-2026-34950 is a vulnerability in the fast-jwt library (version 6.1.0 and earlier) related to improper handling of leading whitespace in RSA public key PEM strings during JWT algorithm detection.
The issue arises because the regex used to detect RSA public keys is anchored to the start of the string and does not trim leading whitespace. This causes the public key to be misclassified as an HMAC secret key, enabling an attacker to perform a JWT algorithm confusion attack.
In this attack, an attacker can forge JWT tokens signed with HS256 using the public key as the HMAC secret, bypassing the intended cryptographic protections and gaining unauthorized access or privileges.
How can this vulnerability impact me? :
This vulnerability allows attackers to forge arbitrary JWT tokens that will be accepted by the verification process, even though they are not legitimately signed.
Specifically, if your application uses RS256 JWT tokens and the public keys contain leading whitespace, attackers can exploit this to bypass authentication or authorization controls by creating tokens with elevated privileges.
The impact includes a complete compromise of confidentiality and integrity of JWT-based authentication, potentially allowing unauthorized access to protected resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from the presence of leading whitespace in RSA public key PEM strings used by fast-jwt versions 6.1.0 and earlier, which causes incorrect JWT algorithm detection.
To detect this vulnerability on your system, you should check if your application uses fast-jwt version 6.1.0 or earlier and if the public keys used for JWT verification contain leading whitespace characters (spaces, tabs, newlines).
You can inspect the PEM public keys for leading whitespace by extracting them from your environment, configuration files, or wherever they are stored.
Example commands to detect leading whitespace in PEM keys:
- Use grep or head to check for leading whitespace in PEM files: `head -n 1 public_key.pem | od -c` (to see if the first line starts with whitespace characters).
- Use a command to detect leading whitespace in environment variables or config files, e.g., `grep -P '^\s+' your_key_file.pem`.
- Check your package.json or lock files to confirm the fast-jwt version: `npm list fast-jwt`.
Additionally, monitor JWT verification behavior for unexpected acceptance of HS256 tokens signed with public keys, which may indicate exploitation.
What immediate steps should I take to mitigate this vulnerability?
Since no patched versions of fast-jwt are available for this vulnerability, immediate mitigation steps include:
- Ensure that all RSA public key PEM strings used in your application are trimmed of any leading whitespace before being processed by fast-jwt.
- Explicitly specify allowed JWT algorithms during token verification to prevent algorithm confusion attacks, for example, restrict verification to RS256 only.
- Audit your JWT verification logic to reject tokens signed with HS256 when expecting RS256 tokens.
- If possible, implement additional validation or use alternative JWT libraries that correctly handle PEM key whitespace.
These steps help prevent attackers from exploiting the vulnerability by forging tokens using the public key as an HMAC secret.