PT-2026-38307 · Npm · Fast-Jwt

Published 2026-05-06 · Updated 2026-05-13 · CVE-2026-44351

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
fast-jwt versions prior to 6.2.4

Description
An authentication bypass exists in the asynchronous key-resolver flow. When an application's key resolver returns an empty string ('') or a zero-length Buffer, the software treats that value as a valid secret: it converts it to a zero-length Buffer and selects the HMAC algorithm family (HS256, HS384, HS512) as the allowed algorithms. An unauthenticated attacker can therefore forge arbitrary JSON Web Tokens (JWTs) by computing the HMAC signature with an empty key. If the verifier's async callback returns an empty value (a common pattern in JWKS-style fallbacks where an unknown key ID falls through to a default), the forged token is accepted as authentic, and the attacker can assume any identity or privilege level by setting claims such as sub, admin, or scopes.

Technical details include:
  • Vulnerable Function: prepareKeyOrSecret() does not check the key length before creating a secret key from the resolver's return value.
  • Vulnerable Flow: the async key-resolver path in src/verifier.js only treats null and undefined as "key missing"; an empty string or zero-length Buffer proceeds to signature verification.

Recommendations
Update to fast-jwt version 6.2.4 or later. As a temporary workaround, ensure that the asynchronous key resolver never returns an empty string or zero-length Buffer when a key is not found; return null or undefined instead so that the verifier raises its missing-key error. Audit every resolver code path, including JWKS-style fallbacks and default branches, for a return value of '' or Buffer.alloc(0).

Weakness Enumeration

Improper Authentication
Inadequate Encryption Strength

Related Identifiers

CVE-2026-44351
GHSA-GMVF-9V4P-V8JC

Affected Products

Fast-Jwt