by tptacek 5 days ago
There is in fact a long lineage of vulnerabilities caused by JWTs in real applications.
1 comments

A non-exhaustive list of CVEs from this year alone:

CVE-2026-28802, CVE-2026-29000, CVE-2026-1529, CVE-2026-22817/8, CVE-2026-34950, CVE-2026-23993, CVE-2026-32597.

Most of them are the same classic alg=none, signature verification bypass and algorithm confusion issues.