fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Description

A vulnerability was found in nearform fast-jwt up to 6.1.0 and classified as problematic. The affected element is an unknown function of the file fast-jwt/src/crypto.js of the component JSON Web Token Handler. The manipulation results in risky cryptographic algorithm. This vulnerability was named CVE-2026-34950. The attack may be performed from remote.

Affected Products

Vendor	Product	Versions
nearform	fast-jwt	<= 6.1.0

References

https://github.com/nearform/fast-jwt/security/advisories/GHSA-mvf2-f6gm-w987(x_refsource_CONFIRM)

Related News (1 articles)

Tier C

VulDB2h ago

CVE-2026-34950 | nearform fast-jwt up to 6.1.0 JSON Web Token fast-jwt/src/crypto.js risky encryption (GHSA-mvf2-f6gm-w987)

→ No new info (linked only)

CVSS 3.19.1 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-327

PublishedApr 2, 2026

Last enriched2h agov2

Community Vote

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated description with new details about the vulnerability and corrected exploit availability.

description

via VulDB

v13d ago

Initial creation

fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History