Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2026-34950NVD

Description

fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that CVE-2023-48223 patched.

Severity Level

CRITICAL (9.1)

Published Date

06/04/2026

Last Modified

22/04/2026

Exploitation Status

UNKNOWN

References

https://github.com/nearform/fast-jwt/security/advisories/GHSA-mvf2-f6gm-w987