CWE-347
Improper Verification of Cryptographic Signature
Description
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-463 · CAPEC-475
CVEs mapped to this weakness (357)
page 12 of 18| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1237 | — | Low | 0.07 | — | 0.00 | Jan 28, 2026 | Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain… | |
| CVE-2021-22160 | 0.01 | — | 0.53 | May 26, 2021 | If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl.… | |||
| CVE-2026-54773 | 0.00 | — | — | Jun 19, 2026 | ### Impact An unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security… | |||
| CVE-2026-32974 | 0.00 | — | 0.00 | Mar 29, 2026 | OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger… | |||
| CVE-2026-27962 | 0.00 | — | 0.01 | Mar 16, 2026 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When… | |||
| CVE-2026-28802 | 0.00 | — | 0.00 | Mar 6, 2026 | Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to… | |||
| CVE-2025-12150 | 0.00 | — | 0.00 | Feb 27, 2026 | A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is… | |||
| CVE-2026-22866 | 0.00 | — | 0.00 | Feb 25, 2026 | Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures.… | |||
| CVE-2026-25793 | 0.00 | — | 0.00 | Feb 6, 2026 | Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability… | |||
| CVE-2026-23992 | 0.00 | — | 0.00 | Jan 22, 2026 | go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification.… | |||
| CVE-2026-23965 | 0.00 | — | 0.00 | Jan 22, 2026 | sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge… | |||
| CVE-2026-23967 | 0.00 | — | 0.00 | Jan 22, 2026 | sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid… | |||
| CVE-2026-23518 | 0.00 | — | 0.00 | Jan 21, 2026 | Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT… | |||
| CVE-2026-22817 | 0.00 | — | 0.00 | Jan 13, 2026 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not… | |||
| CVE-2026-22818 | 0.00 | — | 0.00 | Jan 13, 2026 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did… | |||
| CVE-2025-68925 | 0.00 | — | 0.00 | Jan 13, 2026 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2. | |||
| CVE-2025-66568 | 0.00 | — | 0.00 | Dec 9, 2025 | The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute… | |||
| CVE-2025-66567 | 0.00 | — | 0.00 | Dec 9, 2025 | The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating… | |||
| CVE-2025-65945 | 0.00 | — | 0.00 | Dec 4, 2025 | auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they… | |||
| CVE-2025-64186 | 0.00 | — | 0.00 | Nov 12, 2025 | Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an… |
- risk 0.07cvss —epss 0.00
Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain…
- CVE-2021-22160May 26, 2021risk 0.01cvss —epss 0.53
If Apache Pulsar is configured to authenticate clients using tokens based on JSON Web Tokens (JWT), the signature of the token is not validated if the algorithm of the presented token is set to "none". This allows an attacker to connect to Pulsar instances as any user (incl.…
- CVE-2026-54773Jun 19, 2026risk 0.00cvss —epss —
### Impact An unauthenticated remote attacker who can place a SOAP header lexically before `wsse:Security` can embed a `ds:Signature` of their choosing inside that header and cause the server to verify the attacker-supplied signature instead of the one carried in the security…
- CVE-2026-32974Mar 29, 2026risk 0.00cvss —epss 0.00
OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inject forged Feishu events and trigger…
- CVE-2026-27962Mar 16, 2026risk 0.00cvss —epss 0.01
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When…
- CVE-2026-28802Mar 6, 2026risk 0.00cvss —epss 0.00
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to…
- CVE-2025-12150Feb 27, 2026risk 0.00cvss —epss 0.00
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is…
- CVE-2026-22866Feb 25, 2026risk 0.00cvss —epss 0.00
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures.…
- CVE-2026-25793Feb 6, 2026risk 0.00cvss —epss 0.00
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability…
- CVE-2026-23992Jan 22, 2026risk 0.00cvss —epss 0.00
go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification.…
- CVE-2026-23965Jan 22, 2026risk 0.00cvss —epss 0.00
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an attacker can forge…
- CVE-2026-23967Jan 22, 2026risk 0.00cvss —epss 0.00
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid…
- CVE-2026-23518Jan 21, 2026risk 0.00cvss —epss 0.00
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT…
- CVE-2026-22817Jan 13, 2026risk 0.00cvss —epss 0.00
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s alg value to influence signature verification when the selected JWK did not…
- CVE-2026-22818Jan 13, 2026risk 0.00cvss —epss 0.00
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verification when the selected JWK did…
- CVE-2025-68925Jan 13, 2026risk 0.00cvss —epss 0.00
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This vulnerability is fixed in 2.2.
- CVE-2025-66568Dec 9, 2025risk 0.00cvss —epss 0.00
The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute…
- CVE-2025-66567Dec 9, 2025risk 0.00cvss —epss 0.00
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating…
- CVE-2025-65945Dec 4, 2025risk 0.00cvss —epss 0.00
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they…
- CVE-2025-64186Nov 12, 2025risk 0.00cvss —epss 0.00
Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an…