PT-2026-49727 · Perryts · Perry

Katriel Moses +1 · Published 2026-06-16 · Updated 2026-06-16 · CVE-2026-53776

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Perry versions prior to 0.5.1166

Description

An issue in the JWT validation process allows remote attackers to bypass token expiration. This occurs because the verify decode helper within the stdlib JWT verification path unconditionally sets validate exp to false. Consequently, attackers with a previously issued bearer token can use expired tokens in any jwt.verify() call to maintain authenticated access indefinitely, bypassing session expiration mechanisms such as administrative revocation or user logout.

Recommendations

Update to version 0.5.1166 or later.
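
The expiry enforcement that the description says was skipped can also be applied explicitly by the caller as a defense-in-depth check once jwt.verify() has accepted a token. The following is an added example, not Perry's code or part of the original advisory. The names `checkExpiry`, `decodeClaims` and `sampleToken` are hypothetical, the sample tokens are constructed, and a runtime that provides Node's `Buffer` is assumed.

```javascript
// Added example: expiry check to run AFTER jwt.verify() has accepted the
// signature. It does not verify signatures itself.

// Decode the payload segment of a compact JWT (header.payload.signature).
function decodeClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token: expected 3 segments");
  try {
    return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    throw new Error("malformed token: payload is not base64url JSON");
  }
}

// Returns { ok, reason }. Fails closed: a token with no usable `exp` is
// rejected, since a token without the claim would otherwise never expire.
function checkExpiry(token, nowSeconds = Math.floor(Date.now() / 1000), leewaySeconds = 0) {
  let claims;
  try {
    claims = decodeClaims(token);
  } catch (err) {
    return { ok: false, reason: err.message };
  }
  if (claims === null || typeof claims !== "object") {
    return { ok: false, reason: "payload is not an object" };
  }
  const exp = claims.exp;
  if (typeof exp !== "number" || !Number.isFinite(exp)) {
    return { ok: false, reason: "missing or non-numeric exp" };
  }
  // RFC 7519: a token must not be accepted on or after its `exp` time.
  if (nowSeconds >= exp + leewaySeconds) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, reason: "not expired" };
}

// Constructed sample tokens; the signature segment is a placeholder.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.c2ln`;
}
const NOW = 1781568000; // constructed fixed clock for the demo
const expired = sampleToken({ sub: "u1", exp: NOW - 60 });
const live = sampleToken({ sub: "u1", exp: NOW + 300 });
const noExp = sampleToken({ sub: "u1" });
```

Pass a fixed `nowSeconds` in tests and keep `leewaySeconds` small, since leeway extends every token's lifetime by that amount.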

Fix

Weakness Enumeration: Insufficient Session Expiration

Related Identifiers: CVE-2026-53776

Affected Products: Perry