CVE-2026-50627
CRITICALDescription
The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | cxf |
| apache | cxf |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-50627? +
How severe is CVE-2026-50627? +
What products are affected by CVE-2026-50627? +
How do I check if I'm vulnerable to CVE-2026-50627? +
Related Vulnerabilities
When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause …
The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This …
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in …
Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if …
A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, …
(conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, …