Cyber Resilience

CVE-2026-34986

High

Published: 06 April 2026

Published
06 April 2026
Modified
04 May 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0003 10.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34986 is a high-severity Uncaught Exception (CWE-248) vulnerability in Go-Jose Project Go-Jose. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-34986 is a denial-of-service vulnerability in the Go JOSE library, which implements JavaScript Object Signing and Encryption (JOSE) standards including JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) in Go. In versions prior to 4.1.4 and 3.0.5, decrypting a JWE object triggers a panic if the 'alg' field specifies a key wrapping algorithm (those ending in 'KW', excluding A128GCMKW, A192GCMKW, and A256GCMKW) and the 'encrypted_key' field is empty. The panic occurs in key_wrap.go during cipher.KeyUnwrap() when attempting to allocate a slice with zero or negative length based on the empty encrypted_key. This issue is reachable via ParseEncrypted(), ParseEncryptedJSON(), or ParseEncryptedCompact() followed by Decrypt() on the parsed object, provided the accepted key algorithms include the vulnerable ones.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity by crafting and sending a malicious JWE object that meets the conditions, causing the application to panic and crash. The attack requires the target application to parse and decrypt JWE inputs while accepting the specified key wrapping algorithms; if no such algorithms are accepted, parsing fails safely. Exploitation directly via cipher.KeyUnwrap() with ciphertext under 16 bytes is possible but less common. Successful exploitation results in denial of service due to the panic, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-248.

The Go JOSE GitHub security advisory (GHSA-78h2-9frx-2jm8) confirms the issue and states it is fixed in versions 4.1.4 and 3.0.5. Security practitioners should upgrade to these patched versions and review applications using Go JOSE for JWE decryption to ensure accepted key algorithms are appropriately restricted, mitigating exposure to crafted inputs.

EU & UK References

Vulnerability details

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting…

more

a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables remote unauthenticated attackers to crash applications via crafted JWE inputs, directly facilitating exploitation of public-facing applications (T1190) for endpoint denial of service through application exploitation (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-9509Shared CWE-248
CVE-2026-31812Shared CWE-248
CVE-2025-20172Shared CWE-248
CVE-2025-59466Shared CWE-248
CVE-2026-1507Shared CWE-248
CVE-2025-67647Shared CWE-248
CVE-2026-44001Shared CWE-248
CVE-2026-44905Shared CWE-248
CVE-2026-37554Shared CWE-248
CVE-2025-20173Shared CWE-248

Affected Assets

go-jose project
go-jose
3.0.0 — 3.0.5 · 4.0.0 — 4.1.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Remediating the flaw in vulnerable Go JOSE library versions by upgrading to 4.1.4 or 3.0.5 directly eliminates the panic during JWE decryption with empty encrypted_key.

prevent

Secure error handling prevents application panics and crashes when processing malformed JWE objects with key wrapping algorithms and empty encrypted_key fields.

prevent

Validates incoming JWE inputs to reject those with empty encrypted_key for vulnerable key wrapping algorithms, blocking the path to cipher.KeyUnwrap() panic.

References