-
-
Notifications
You must be signed in to change notification settings - Fork 236
Expand file tree
/
Copy pathCVE-2026-45363.yml
More file actions
58 lines (52 loc) · 2.26 KB
/
Copy pathCVE-2026-45363.yml
File metadata and controls
58 lines (52 loc) · 2.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
---
gem: jwt
cve: 2026-45363
ghsa: c32j-vqhx-rx3x
url: https://www.cve.org/CVERecord?id=CVE-2026-45363
title: 'ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351'
date: 2026-05-18
description: |
`JWT.decode(token, '', true, algorithm: 'HS256')` accepts an
attacker-forged token. `OpenSSL::HMAC.digest('SHA256', '', payload)`
returns a valid digest under an empty key, and no
`raise InvalidKeyError if key.empty?` precondition exists in the HMAC
algorithm.
```
JWT.decode(token, "", true, algorithm: 'HS256')
-> JWA::Hmac.verify(verification_key: "", ...)
-> OpenSSL::HMAC.digest('SHA256', "", signing_input) == signature
```
The same path is reached when a keyfinder block or key_finder: argument
returns "", nil, or an array containing nil for an unknown key.
JWT::Decode#find_key only rejects literal nil and empty arrays, and
JWT::JWA::Hmac silently coerces nil to "" (signing_key ||= '') before
signing.
```
JWT.decode(token, nil, true, algorithms: ['HS256']) { |_h| "" }
-> find_key returns "" # "" && !Array("").empty? == true
-> JWA::Hmac.verify(verification_key: "", ...)
-> verifies
```
Common application patterns that produce the unsafe value:
`redis.get("kid:#{kid}").to_s`, ORM string columns with `default: ''`,
`ENV['SECRET'] || ''`, `Hash.new('')` lookups, `[primary, fallback]`
where fallback may be nil. Applications passing a non-empty static
`key:`, or whose keyfinder returns nil / raises on miss, are not
affected.
The existing `enforce_hmac_key_length` option would block this but
defaults to false. On OpenSSL ≥ 3.5 the empty-key HMAC.digest call no
longer raises, so the OpenSSL-3.0 rescue in JWA::Hmac#sign does not
fire.
Affects HS256/HS384/HS512 via both JWT.decode (positional key and block
keyfinder) and `JWT::EncodedToken#verify_signature!(key_finder:)`.
cvss_v3: 7.4
patched_versions:
- "~> 2.10.3"
- ">= 3.2.0"
related:
url:
- https://www.cve.org/CVERecord?id=CVE-2026-45363
- https://github.com/jwt/ruby-jwt/security/advisories/GHSA-c32j-vqhx-rx3x
- https://github.com/jwt/ruby-jwt/commit/db560b769a07bd9724e77ff505011ac01872106f
- https://github.com/jwt/ruby-jwt/releases/tag/v3.2.0
- https://github.com/advisories/GHSA-c32j-vqhx-rx3x