CVE-2026-34240HIGHCVSS 7.5fixed in 0.3.5\+1ยทfixed in 0.3.5+12026-03-31
CVE-2026-34240 [HIGH] CWE-347 CVE-2026-34240: JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulne
JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because key selection could treat header-provided jwk as a verification candidate e
cvelistv5nvd