By weakness (CWE)
CWE-347: related vulnerabilities
CVEs classified under CWE-347. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
4 published vulnerabilities
- CVE-2026-47201HIGH 8.5
authentik, an open-source identity provider used to manage user authentication and authorization, contains a vulnerability in how it validates SAML responses from upstream identity providers. The flaw allows an attacker who has any valid account at an upstream IdP to reuse a legitimately signed authentication assertion to impersonate other federated users. This works because authentik doesn't properly validate XML signatures, making it vulnerable to XML Signature Wrapping attacks—a technique where attackers manipulate the structure of signed XML data without invalidating the signature itself. An attacker needs valid credentials at the upstream IdP but can then gain unauthorized access as arbitrary other users in systems relying on authentik for federation.
- CVE-2026-48526HIGH 7.4
PyJWT, a widely-used Python library for handling JSON Web Tokens (JWTs), contains an authentication bypass vulnerability in versions before 2.13.0. The flaw allows attackers to forge valid tokens by exploiting insufficient validation of cryptographic key usage. Specifically, when a library instance is configured to accept both asymmetric (public-key) and HMAC (shared-secret) algorithms, an attacker can take the issuer's public key—which is often publicly available—and use it as the HMAC secret to create forged tokens that the vulnerable library will accept as legitimate.
- CVE-2026-48523MEDIUM 5.4
PyJWT, a widely-used Python library for handling JSON Web Tokens, has a flaw in how it validates token signatures when using JWK (JSON Web Key) objects. Between versions 2.9.0 and 2.12.1, the library checks that a token's advertised algorithm is in the caller's allow-list, but then ignores that check and uses a different algorithm bound to the JWK object for actual verification. This means an attacker with access to a registered private key can craft a token that claims to use an allowed algorithm in its header while being signed with a disallowed algorithm stored in the JWK—and the library will accept it. The fix is available in version 2.13.0.
- CVE-2026-45614MEDIUM 4.7
OP-TEE, a Trusted Execution Environment for Arm systems, fails to validate that ECDH public keys lie on the correct elliptic curve before deriving shared secrets. An attacker with local access can craft approximately 30-40 malformed public keys and submit them through TEE_DeriveKey calls to leak fragments of the private key. By collecting these leaks and applying the Chinese Remainder Theorem, the attacker can reconstruct the full private key. This breaks the confidentiality of ECDH operations and affects systems relying on OP-TEE for cryptographic operations prior to version 4.11.0.