CVE-2026-44699

UNKNOWN 0.0

LibJWT: Algorithm confusion allows JWT forgery with RSA JWK as empty-key HMAC

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid JWT without knowing any secret or RSA private key. This is an algorithm-confusion authentication bypass. It affects applications that load RSA keys from JWKS where alg is omitted, which is valid JWK syntax and common in real deployments, and then choose the verification algorithm from the JWT header, for example in a kid lookup callback. This vulnerability is fixed in 3.3.3.

CWE	CWE-327 CWE-347
Vendor	benmcollins
Product	libjwt
Published	May 15, 2026

Stay Ahead of the Next One

Get instant alerts for benmcollins libjwt

Be the first to know when new unknown vulnerabilities affecting benmcollins libjwt are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

benmcollins / libjwt

>= 3.0.0, < 3.3.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/benmcollins/libjwt/security/advisories/GHSA-q843-6q5f-w55g