CVE-2026-34240
Published: 31 March 2026
Summary
CVE-2026-34240 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability in Appsup-Dart Jose. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 1.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly mitigates CVE-2026-34240 by applying the patch in JOSE version 0.3.5+1, which prevents the library from treating untrusted header-provided JWKs as verification candidates.
Information input validation enforces rejection of JOSE tokens containing header JWKs unless they match the trusted key store, directly countering the forgery mechanism.
Configuration settings secure the JOSE library or application to disable trust in header-provided JWKs, implementing the recommended workaround to block forged tokens.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability allows forging valid JWT/JWS tokens via untrusted JWK in header, directly enabling T1606 Forge Web Credentials; exploitable remotely in public-facing apps using the library via T1190.
NVD Description
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The…
more
vulnerability exists because key selection could treat header-provided jwk as a verification candidate even when that key was not present in the trusted key store. Since JOSE headers are untrusted input, an attacker could exploit this by creating a token payload, embedding an attacker-controlled public key in the header, and signing with the matching private key. Applications using affected versions for token verification are impacted. This issue has been patched in version 0.3.5+1. A workaround for this issue involves rejecting tokens where header jwk is present unless that jwk matches a key already present in the application's trusted key store.
Deeper analysisAI
CVE-2026-34240 is a vulnerability in the JOSE library, a JavaScript Object Signing and Encryption (JOSE) implementation, affecting versions prior to 0.3.5+1. The flaw enables forging of valid JWS/JWT tokens by embedding a JSON Web Key (JWK) in the untrusted JOSE header. This happens because the library's key selection treats the header-provided JWK as a valid verification candidate, even if it is absent from the application's trusted key store. Applications relying on affected versions for token verification are impacted, with the issue mapped to CWE-347 and assigned a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
An unauthenticated remote attacker can exploit this vulnerability by crafting a token payload, embedding an attacker-controlled public key in the JOSE header as a JWK, and signing the token with the corresponding private key. When verified, the library accepts the header-provided key for signature validation, allowing the forged token to pass as authentic. This bypasses reliance on pre-configured trusted keys, potentially granting unauthorized access or privilege escalation in token-based authentication systems.
The vulnerability has been addressed in JOSE version 0.3.5+1. A recommended workaround is to reject any tokens containing a header JWK unless it exactly matches a key already present in the application's trusted key store. Additional details are available in the GitHub security advisory at https://github.com/appsup-dart/jose/security/advisories/GHSA-vm9r-h74p-hg97 and the patching commit at https://github.com/appsup-dart/jose/commit/b07799aac1f56a9a21483feac026272aab30cc5d.
Details
- CWE(s)