Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2026-35039NVD

Description

fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification process leading to valid tokens returning claims from different valid tokens and users being mis-identified as other users based on the wrong token. Version 6.2.0 contains a patch.

Severity Level

CRITICAL (9.1)

Published Date

06/04/2026

Last Modified

22/04/2026

Exploitation Status

UNKNOWN

References

https://github.com/nearform/fast-jwt/commit/de121056c6415b58770c60640881eaec67ac4ceb
https://github.com/nearform/fast-jwt/security/advisories/GHSA-rp9m-7r4c-75qg