CVE-2026-35042
Critical Header Validation Bypass in fast-jwt Allows Token Forgery

Publication date: 2026-04-06

Last updated on: 2026-04-10

Assigner: GitHub, Inc.

Description
fast-jwt provides a fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-04-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: nearform
Product: fast-jwt
Version / Range: up to 6.2.0 (exclusive)
CWE-636: When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
CWE-345: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
AI Powered Q&A
Can you explain this vulnerability to me?

The vulnerability in fast-jwt (version 6.1.0 and earlier) involves improper handling of the 'crit' (Critical) Header Parameter in JSON Web Signature (JWS) tokens as defined by RFC 7515 §4.1.11.

Specifically, when a JWS token contains a 'crit' array listing extension header parameters that fast-jwt does not recognize or support, the library incorrectly accepts the token instead of rejecting it. This behavior violates the RFC's mandatory requirement that such tokens must be rejected.

This means that fast-jwt fails to validate critical extensions properly, allowing tokens with unrecognized critical headers to be accepted, which can lead to security issues.


How can this vulnerability impact me?

This vulnerability can lead to several security impacts including unauthorized privilege escalation and bypass of multi-factor authentication requirements.

Because fast-jwt accepts tokens with unrecognized critical header extensions, attackers can craft tokens that bypass security policies enforced by these critical extensions.

In environments using multiple JWT libraries, this can cause split-brain verification where some libraries reject the token but fast-jwt accepts it, leading to inconsistent security enforcement.

The vulnerability impacts data integrity but does not affect confidentiality or availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the fast-jwt library incorrectly accepting JSON Web Signature (JWS) tokens that contain a crit (Critical) header parameter listing extensions that the library does not recognize or support. Detection involves inspecting JWT tokens processed by fast-jwt to identify tokens with a crit header containing unsupported extensions.

A practical detection approach is to capture JWT tokens used in your system (e.g., in HTTP Authorization headers) and decode their JOSE headers to check for the presence of a crit array. If the crit array contains extensions not supported by your JWT library, this indicates potential exposure to the vulnerability.

Suggested commands to detect such tokens include using command-line tools to decode JWT tokens and inspect their headers. For example, using jq and base64 decoding in a Unix-like shell:

  • Extract the JWT token from network traffic or logs.
  • Decode the JWT header (the first part of the token before the first period) using base64url decoding.
  • Use jq or similar JSON parsers to check for the presence of the "crit" header and list its contents.

Example command to decode and inspect the header of a JWT token stored in the variable TOKEN (the header is base64url-encoded without padding, so the URL-safe characters are mapped back to the standard alphabet and padding is restored before base64 decoding):

  • h=$(printf '%s' "$TOKEN" | cut -d '.' -f1 | tr '_-' '/+'); while [ $(( ${#h} % 4 )) -ne 0 ]; do h="$h="; done; printf '%s' "$h" | base64 --decode | jq '.'

Review the output for the "crit" field and verify if it contains any unsupported critical extensions. Tokens with unsupported crit extensions indicate the vulnerability may be exploitable.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in fast-jwt allows acceptance of JSON Web Signature (JWS) tokens containing unrecognized critical header extensions, violating the mandatory validation requirements of RFC 7515 §4.1.11.

This improper validation can lead to unauthorized privilege escalation or bypass of multi-factor authentication, resulting in potential unauthorized access to protected data.

Such unauthorized access or bypasses can compromise data integrity and security controls, which are essential for compliance with standards and regulations like GDPR and HIPAA that mandate strict access control and data protection measures.

Therefore, this vulnerability may negatively impact compliance by undermining the enforcement of security policies and authentication mechanisms required to protect sensitive personal or health information.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, the primary step is to ensure that the fast-jwt library validates the crit (Critical) header parameter according to RFC 7515 §4.1.11. This means rejecting any JWS tokens that contain a crit array listing extensions that the library does not understand or support.

Immediate mitigation steps include:

  • Update or patch the fast-jwt library to a version that includes proper validation of the crit header parameter, if such a version is available.
  • If an updated version is not available, implement custom validation logic in your JWT verification process to enforce that the crit header is a non-empty array, that all critical extensions listed are supported, and that each critical extension is present in the header.
  • Reject any tokens that contain unsupported or missing critical extensions to prevent acceptance of potentially malicious tokens.
  • Review your environment for usage of multiple JWT libraries to avoid split-brain verification scenarios where some libraries accept tokens that others reject.

These steps help prevent unauthorized privilege escalation or bypass of multi-factor authentication enforced via critical extensions.
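As an added example (not fast-jwt's own code, and not part of this advisory), the following Node.js script implements the crit check that the mitigation steps above describe and uses it in both of the ways this page discusses: as a pre-check that a JWT verification path can run before handing a token to its signature verifier, and as the detection scan over captured tokens that the detection answer suggests, here run over constructed log lines. The set of extensions the verifier is assumed to understand (only b64 from RFC 7797), the log line format, and the sample tokens (built with a placeholder signature, since only the header is inspected here) are all assumptions made for the example.

```javascript
// Added example (not fast-jwt code): RFC 7515 §4.1.11 "crit" validation as a
// pre-check in front of a JWS verifier, plus a scan over constructed log lines.
// Requires Node.js 16+ for Buffer's 'base64url' encoding.

// Header Parameter names registered for JWS (RFC 7515 §4.1) and JWE (RFC 7516 §4.1).
// RFC 7515 forbids listing any of these in "crit".
const REGISTERED_HEADER_NAMES = new Set([
  'alg', 'jku', 'jwk', 'kid', 'x5u', 'x5c', 'x5t', 'x5t#S256', 'typ', 'cty', 'crit',
  'enc', 'zip',
]);

class CritError extends Error {}

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Enforces the RFC 7515 §4.1.11 rules on a parsed JOSE header:
//  - "crit", when present, is a non-empty array of strings with no duplicates,
//  - it names no registered Header Parameter,
//  - every named extension is present in the header,
//  - every named extension is one this verifier understands (supportedExtensions).
// Returns the header on success and throws CritError otherwise.
function validateCrit(header, supportedExtensions) {
  if (!hasOwn(header, 'crit')) return header; // no critical extensions: nothing to check
  const crit = header.crit;
  if (!Array.isArray(crit) || crit.length === 0) {
    throw new CritError('"crit" must be a non-empty array');
  }
  const seen = new Set();
  for (const name of crit) {
    if (typeof name !== 'string' || name.length === 0) {
      throw new CritError('"crit" entries must be non-empty strings');
    }
    if (seen.has(name)) throw new CritError(`duplicate "crit" entry "${name}"`);
    seen.add(name);
    if (REGISTERED_HEADER_NAMES.has(name)) {
      throw new CritError(`registered header "${name}" may not be listed in "crit"`);
    }
    if (!hasOwn(header, name)) {
      throw new CritError(`critical extension "${name}" is not present in the header`);
    }
    if (!supportedExtensions.has(name)) {
      throw new CritError(`unsupported critical extension "${name}"`);
    }
  }
  return header;
}

// Decodes the protected header of a compact-serialised JWS without verifying it.
function decodeJoseHeader(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected three segments)');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (header === null || typeof header !== 'object' || Array.isArray(header)) {
    throw new Error('JOSE header is not a JSON object');
  }
  return header;
}

// Pre-check to run before the signature verifier sees the token. The signature is
// NOT checked here, so a passing result only means the "crit" header is acceptable.
function precheckToken(token, supportedExtensions) {
  try {
    const header = validateCrit(decodeJoseHeader(token), supportedExtensions);
    return { ok: true, header };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Detection: find bearer tokens in log lines and report those the check rejects.
const BEARER_RE = /Bearer\s+([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*)/g;

function scanLogLines(lines, supportedExtensions) {
  const findings = [];
  for (const line of lines) {
    for (const match of line.matchAll(BEARER_RE)) {
      const result = precheckToken(match[1], supportedExtensions);
      if (!result.ok) findings.push({ line, reason: result.reason });
    }
  }
  return findings;
}

// --- constructed sample data (assumptions, not real traffic) ---------------
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
// Placeholder signature: only the header matters for the crit check.
const makeToken = (header, payload) => `${b64url(header)}.${b64url(payload)}.sig`;

// Assumption: this verifier understands only the "b64" extension (RFC 7797).
const SUPPORTED = new Set(['b64']);

const SAMPLE_LOG = [
  `10.0.0.5 "GET /api/me" 200 auth="Bearer ${makeToken({ alg: 'HS256', typ: 'JWT' }, { sub: 'alice' })}"`,
  `10.0.0.5 "GET /api/me" 200 auth="Bearer ${makeToken({ alg: 'HS256', crit: ['b64'], b64: false }, { sub: 'alice' })}"`,
  `10.0.0.9 "POST /admin" 200 auth="Bearer ${makeToken({ alg: 'HS256', crit: ['http://example.com/mfa'], 'http://example.com/mfa': 0 }, { sub: 'bob' })}"`,
  `10.0.0.9 "POST /admin" 200 auth="Bearer ${makeToken({ alg: 'HS256', crit: [] }, { sub: 'bob' })}"`,
  `10.0.0.9 "POST /admin" 200 auth="Bearer ${makeToken({ alg: 'HS256', crit: ['kid'], kid: 'k1' }, { sub: 'bob' })}"`,
  `10.0.0.9 "POST /admin" 200 auth="Bearer ${makeToken({ alg: 'HS256', crit: ['x-policy'] }, { sub: 'bob' })}"`,
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanLogLines(SAMPLE_LOG, SUPPORTED)) console.log(`REJECT: ${f.reason}`);
}
```

Run with `node` to see the four constructed tokens that fail the check (unsupported extension, empty crit array, a registered name in crit, and a listed extension that is absent from the header); the first two lines pass. Keeping the supported-extension set explicit and empty-by-default is the design choice that matters: a verifier that treats "I don't know this extension" as "ignore it" is exactly the fail-open behaviour CWE-636 describes.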

