
github.com/centrifugal/centrifugo v6 vulnerabilities

3 known vulnerabilities affecting github.com/centrifugal_centrifugo_v6.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2

Vulnerabilities

CVE-2025-68121 | P3 | HIGH | CVSS 7.5 | affected: ≥ 0, < 6.6.1 | 2026-02-19
CVE-2025-68121 [HIGH] CWE-1395: Centrifugo v6.6.0 dependency vulnerabilities

### Summary

Centrifugo v6.6.0 binary is compiled with **Go 1.25.5** and statically links `github.com/quic-go/webtransport-go v0.9.0`, having **7 known CVEs**.

**Go standard library — compiled with Go 1.25.5:**

| CVE | Severity | CVSS | Fixed In |
|-----|----------|------|----------|
| CVE-2025-68121 | **CRITICAL** | 10.0 | Go 1.25.7, 1.24.13 |
| CVE-2025-61726 | HIGH | 7.5
CVE-2026-32301 | P3 | CRITICAL | affected: ≥ 0, < 6.7.0 | 2026-03-13
CVE-2026-32301 [CRITICAL] CWE-918: Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

### Summary

Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. `{{tenant}}`). An unauthenticated attacker can craft a JWT with a malicious `iss` or `aud` claim value that gets interpolated into the J
CVE-2026-49998 | HIGH | affected: ≥ 0, < 6.8.1 | 2026-07-01
CVE-2026-49998 [HIGH] CWE-347: Centrifugo's dynamic JWKS key cache keyed only by `kid` allows cross-issuer JWT authentication bypass

#### Summary

Centrifugo's dynamic JWKS endpoint feature can verify a JWT for one allowed issuer using a public key cached from another allowed issuer. The JWKS cache and `singleflight` lookup are keyed only by the JWT header `kid`, not by the resolved JWKS endpoin