{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/fast-jwt/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":5.9,"id":"CVE-2023-48223"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["jwt","algorithm-confusion","vulnerability","fast-jwt","nodejs"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe fast-jwt library, a popular Node.js package for handling JSON Web Tokens (JWTs), contains a vulnerability related to algorithm confusion. An incomplete fix for CVE-2023-48223 (GHSA-c2ff-88x2-x9pg) allows attackers to bypass intended security measures by exploiting leading whitespace in the RSA public key. Specifically, the \u003ccode\u003epublicKeyPemMatcher\u003c/code\u003e regex in \u003ccode\u003efast-jwt/src/crypto.js\u003c/code\u003e does not account for leading whitespace, causing RSA public keys to be misclassified as HMAC secrets. This allows attackers to forge HS256 tokens using the RSA public key, leading to unauthorized access and privilege escalation. The vulnerability affects fast-jwt versions \u0026lt;= 6.1.0. This issue is a direct bypass of the fix for CVE-2023-48223.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a server using the vulnerable fast-jwt library for JWT verification.\u003c/li\u003e\n\u003cli\u003eThe attacker retrieves the server\u0026rsquo;s RSA public key, which is often publicly available.\u003c/li\u003e\n\u003cli\u003eThe attacker adds leading whitespace (e.g., a newline character) to the RSA public key.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious JWT with the header specifying the HS256 algorithm (\u003ccode\u003ealg: 'HS256'\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker sets the payload of the JWT to contain desired claims, such as \u003ccode\u003eadmin: true\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the whitespace-prefixed RSA public key as the HMAC secret to sign the JWT.\u003c/li\u003e\n\u003cli\u003eThe attacker presents the forged HS256 token to the vulnerable server.\u003c/li\u003e\n\u003cli\u003eThe server, due to the algorithm confusion vulnerability, incorrectly verifies the token using the RSA public key as an HMAC secret and grants unauthorized access based on the claims in the forged token.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to bypass authentication and authorization controls, potentially gaining administrative privileges or access to sensitive data. This could lead to data breaches, system compromise, and reputational damage. The impact is significant due to the widespread use of the fast-jwt library in various applications. This is a direct bypass of the fix for CVE-2023-48223.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of the \u003ccode\u003efast-jwt\u003c/code\u003e library that addresses this vulnerability. This will require updating the \u003ccode\u003efast-jwt\u003c/code\u003e package in your \u003ccode\u003epackage.json\u003c/code\u003e file and redeploying your application.\u003c/li\u003e\n\u003cli\u003eAs an immediate mitigation, sanitize RSA public keys by trimming leading whitespace before using them with the \u003ccode\u003efast-jwt\u003c/code\u003e library. This can be done using the \u003ccode\u003e.trim()\u003c/code\u003e method in JavaScript before passing the key to the \u003ccode\u003ecreateVerifier\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule that detects HS256 tokens being verified with RSA keys based on process creation logs to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement logging and monitoring for JWT verification processes to detect anomalies and suspicious activity. Specifically, monitor for instances where HS256 is used with keys that appear to be RSA public keys.\u003c/li\u003e\n\u003cli\u003eReview and update any existing security controls related to JWT handling to ensure they are effective against this type of algorithm confusion attack.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T12:00:00Z","date_published":"2026-04-03T12:00:00Z","id":"/briefs/2026-04-fast-jwt-bypass/","summary":"The fast-jwt library is vulnerable to JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key due to an incomplete fix for CVE-2023-48223, allowing attackers to bypass intended security measures by exploiting leading whitespace in the RSA public key, enabling attackers to sign arbitrary payloads that will be accepted by the verifier, potentially leading to privilege escalation.","title":"fast-jwt Library JWT Algorithm Confusion Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-fast-jwt-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Fast-Jwt","version":"https://jsonfeed.org/version/1.1"}