CVE-2026-10714
Received Received - Intake

JWT Signature Bypass in FactoryTalk Services Platform

Vulnerability report for CVE-2026-10714, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Rockwell Automation

Description

A security issue exists within FactoryTalk® Services Platform (FTSP), allowing an attacker to bypass JWT signature validation during Okta Web Authentication. The vulnerability stems from the application not verifying that the JWT algorithm is configured for RSA, enabling an attacker to set the algorithm to "none" and craft forged tokens. This could allow an authenticated low-privilege user to impersonate any authorized user on the FTSP server, resulting in unauthorized access to system configuration and the ability to grant permissions to other systems protected by FTSP.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
rockwell_automation factorytalk_services_platform 6.60

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1390 The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-10714 is a security vulnerability in Rockwell Automation's FactoryTalk® Services Platform (FTSP) version 6.60. The issue involves a weak authentication mechanism where the application fails to properly validate JSON Web Tokens (JWT) during Okta Web Authentication.

The vulnerability stems from the application not verifying that the JWT algorithm is configured for RSA. This allows an attacker to set the algorithm to "none" and craft forged tokens. As a result, an authenticated low-privilege user can impersonate any authorized user on the FTSP server.

This impersonation could lead to unauthorized access to system configuration and the ability to grant permissions to other systems protected by FTSP.

Impact Analysis

If you are using the affected version of FactoryTalk® Services Platform (FTSP), this vulnerability could have several impacts:

  • An attacker with low-privilege access could impersonate any authorized user, including administrators, on the FTSP server.
  • Unauthorized access to sensitive system configurations and data could occur, leading to potential data breaches or system misuse.
  • The attacker could grant permissions to other systems protected by FTSP, expanding the scope of unauthorized access within your network.
  • This could result in operational disruptions, loss of control over critical systems, or exposure of confidential information.
Compliance Impact

This vulnerability could impact compliance with several common standards and regulations in the following ways:

  • GDPR (General Data Protection Regulation): Unauthorized access to personal data due to this vulnerability could lead to data breaches, resulting in non-compliance with GDPR requirements for data protection and breach notification.
  • HIPAA (Health Insurance Portability and Accountability Act): If the affected system handles protected health information (PHI), unauthorized access could violate HIPAA's security and privacy rules, leading to potential fines and legal consequences.
  • Other industry standards (e.g., ISO 27001, NIST): Failure to secure authentication mechanisms may result in non-compliance with requirements for access control, risk management, and system integrity.

Organizations using FTSP should assess the potential impact on their compliance posture and take corrective actions, such as applying the provided patch, to mitigate risks.

Detection Guidance

Detecting this vulnerability requires checking if your FactoryTalk® Services Platform (FTSP) version is affected and verifying JWT validation behavior. Since the vulnerability involves JWT algorithm manipulation, you can inspect network traffic or logs for tokens with the 'alg: none' header, which indicates a potential exploit attempt.

  • Check the installed version of FactoryTalk® Services Platform. The vulnerability affects version 6.60. If this version is detected, the system is likely vulnerable.
  • Review authentication logs for unusual JWT tokens, particularly those with the 'alg' header set to 'none'. This can be done using log analysis tools or by manually inspecting logs if they capture JWT headers.
  • Use network monitoring tools to capture and analyze HTTP traffic to the FTSP server. Look for JWT tokens in authentication requests and verify their 'alg' header values.

No specific commands are provided in the context, but you can use tools like Wireshark, Burp Suite, or custom scripts to inspect JWT tokens in transit. For example, in Wireshark, filter for HTTP traffic and examine the Authorization headers for JWT tokens.

Mitigation Strategies

To mitigate this vulnerability, follow these immediate steps:

  • Apply the patch provided by Rockwell Automation. The patch is identified as RAID 1158263 or is included in the February 2026 Patch Roll-up. This is the most effective way to resolve the issue.
  • If patching is not immediately possible, implement security best practices to reduce risk. This includes restricting access to the FTSP server to trusted networks and users only.
  • Monitor authentication logs for suspicious activity, such as JWT tokens with the 'alg: none' header, which may indicate an exploitation attempt.
  • Ensure that all users, especially low-privilege accounts, are not granted unnecessary permissions that could exacerbate the impact of this vulnerability.
  • Consider disabling Okta Web Authentication temporarily if it is not critical to operations, as the vulnerability specifically affects this authentication method.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10714. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart