CVE-2026-44699

Name: CVE-2026-44699

Description: LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid JWT without knowing any secret or RSA private key. This is an algorithm-confusion authentication bypass. It affects applications that load RSA keys from JWKS where alg is omitted, which is valid JWK syntax and common in real deployments, and then choose the verification algorithm from the JWT header, for example in a kid lookup callback. This vulnerability is fixed in 3.3.3.

Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Debian Bugs: 1136810
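The description above points at the application-side pattern that makes this bug reachable: a kid lookup callback hands the library whatever JWK matches the header, and the token header then decides the algorithm. The following is an added example, not code from libjwt or from Debian; it models that lookup in Python with the standard library only and shows the guard a JWKS consumer should apply regardless of library version: an algorithm taken from the JWT header is accepted only if it is consistent with the key's kty, and an HMAC key is never allowed to be empty. The JWKS, the shared secret and the tokens are constructed for the example; the RSA entry carries a placeholder modulus because only its kty matters here.

```python
import base64
import hashlib
import hmac
import json

# Hash functions for the HMAC algorithms named in the advisory.
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

# Which JWS algorithms a key of a given kty may legitimately be used with.
# An RSA key must never be fed to an HMAC verifier, whatever the token header says.
ALGS_FOR_KTY = {
    "oct": set(HMAC_ALGS),
    "RSA": {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"},
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


# Constructed JWKS: the RSA key omits "alg" (valid JWK syntax), the oct key is a
# real HMAC secret. "n" is a placeholder, not a usable modulus.
CONSTRUCTED_SECRET = b"constructed-shared-secret"
CONSTRUCTED_JWKS = {
    "keys": [
        {"kty": "RSA", "kid": "rsa-1", "n": "PLACEHOLDER-MODULUS", "e": "AQAB"},
        {"kty": "oct", "kid": "hmac-1", "k": b64url_encode(CONSTRUCTED_SECRET)},
    ]
}


def find_jwk(jwks: dict, kid: str) -> dict:
    """The kid lookup a callback would perform; fails closed on an unknown kid."""
    for jwk in jwks["keys"]:
        if jwk.get("kid") == kid:
            return jwk
    raise ValueError("unknown kid")


def check_key_for_alg(jwk: dict, header_alg: str) -> str:
    """Return the algorithm to verify with, or raise if the header and key disagree.

    When the JWK has no "alg", the header's alg is only accepted if the key type
    supports it; the header is never allowed to downgrade an RSA key to HMAC.
    """
    allowed = ALGS_FOR_KTY.get(jwk.get("kty"))
    if allowed is None:
        raise ValueError("unsupported key type")
    key_alg = jwk.get("alg")
    if key_alg is None:
        if header_alg not in allowed:
            raise ValueError(f"alg {header_alg!r} not permitted for kty {jwk['kty']!r}")
        return header_alg
    if key_alg != header_alg:
        raise ValueError("token alg does not match JWK alg")
    return key_alg


def verify_hmac_token(token: str, jwks: dict) -> dict:
    """Verify an HS* token against a JWKS and return its payload, or raise ValueError."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64url_decode(h_b64))
    jwk = find_jwk(jwks, header.get("kid"))
    alg = check_key_for_alg(jwk, header.get("alg"))
    if alg not in HMAC_ALGS:
        raise ValueError("this helper only verifies HMAC algorithms")
    key = b64url_decode(jwk["k"])
    if not key:
        # A zero-length HMAC key is exactly the failure mode in the advisory; refuse it.
        raise ValueError("empty HMAC key")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p_b64))


def make_hs_token(payload: dict, key: bytes, alg: str, kid: str) -> str:
    """Build an HS* token for the example; an empty key models the vulnerable path."""
    header = {"alg": alg, "typ": "JWT", "kid": kid}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(key, signing_input.encode(), HMAC_ALGS[alg]).digest()
    return signing_input + "." + b64url_encode(sig)


def is_rejected(token: str, jwks: dict) -> bool:
    try:
        verify_hmac_token(token, jwks)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    good = make_hs_token({"sub": "alice"}, CONSTRUCTED_SECRET, "HS256", "hmac-1")
    print("legitimate token accepted:", verify_hmac_token(good, CONSTRUCTED_JWKS))
    # Header names the RSA kid but claims HS256; a vulnerable verifier would HMAC with
    # a zero-length key. The kty check rejects it before any MAC is computed.
    confused = make_hs_token({"sub": "admin"}, b"", "HS256", "rsa-1")
    print("algorithm-confused token rejected:", is_rejected(confused, CONSTRUCTED_JWKS))
```

The kty-to-algorithm table is the important part: a JWKS entry without alg should narrow what the header may request, never widen it. Applying this in the kid lookup callback is a mitigation for the deployment pattern the advisory names; the fix for the library itself is the 3.3.3 upgrade listed below.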

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release            | Version          | Status
libjwt (PTS)   | bullseye           | 1.10.2-1+deb11u1 | fixed
libjwt (PTS)   | bookworm           | 1.10.2-1+deb12u1 | fixed
libjwt (PTS)   | forky, sid, trixie | 1.17.2-1         | fixed
libjwt3 (PTS)  | forky, sid         | 3.3.3-1          | fixed

The information below is based on the following data on fixed versions.

Package | Type   | Release    | Fixed Version  | Urgency | Origin | Debian Bugs
libjwt  | source | (unstable) | (not affected) |         |        |
libjwt3 | source | (unstable) | 3.3.3-1        |         |        | 1136810

Notes

- libjwt <not-affected> (Only affects the 3.x series)
https://github.com/benmcollins/libjwt/security/advisories/GHSA-q843-6q5f-w55g
Fixed by: https://github.com/benmcollins/libjwt/commit/49c730a4036c5ae67a4a97e4e55101e445fda694 (v3.3.3)
