CVE-2026-9537

NameCVE-2026-9537
DescriptionMojo::JWT versions before 1.02 for Perl verify HMAC signatures with a ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libmojo-jwt-perl (PTS)bookworm, bullseye0.09-1vulnerable
trixie1.01-1vulnerable
forky, sid1.02-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libmojo-jwt-perlsource(unstable)1.02-1

Notes

https://lists.security.metacpan.org/cve-announce/msg/41907805/
Fixed by: https://github.com/jberger/Mojo-JWT/commit/b8aefb846613e44b5b12bc170898ffd5b05094a2 (1.02)

Search for package or bug name: Reporting problems