fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

Description

fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.1.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification process leading to valid tokens returning claims from different valid tokens and users being mis-identified as other users based on the wrong token.

Affected Products

Vendor	Product	Versions
nearform	fast-jwt	>= 0.0.1, < 6.1.0, >= 6.0.0, < 6.1.0

References

https://github.com/nearform/fast-jwt/security/advisories/GHSA-rp9m-7r4c-75qg(x_refsource_CONFIRM)

Related News (1 articles)

Tier C

VulDB4h ago

CVE-2026-35039 | nearform fast-jwt up to 6.0.x data authenticity (GHSA-rp9m-7r4c-75qg)

→ No new info (linked only)

fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History