CWE-347— Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.— MITRE CWE catalog
681 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-347page 13 of 14
- CVE-2026-27962CRITICALCVSS 9.1EG 9.12026-03-16
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that p…
- CVE-2026-28802CRITICALCVSS 9.8EG 9.82026-03-06
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature v…
- CVE-2026-32144HIGHCVSS 7.4EG 7.42026-04-07
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_val…
- CVE-2026-32597HIGHCVSS 7.5EG 7.52026-03-13
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not u…
- CVE-2026-32974HIGHCVSS 8.6EG 8.62026-03-29
OpenClaw before 2026.3.12 contains an authentication bypass vulnerability in Feishu webhook mode when only verificationToken is configured without encryptKey, allowing acceptance of forged events. Unauthenticated network attackers can inje…
- CVE-2026-33117CRITICALCVSS 9.1EG 9.12026-05-12
The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable loca…
- CVE-2026-3338HIGHCVSS 7.5EG 7.52026-03-02
Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need to take action.…
- CVE-2026-33467MEDIUMCVSS 5.9EG 5.92026-04-28
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served to a self-hosted registry, to substitute …
- CVE-2026-33487HIGHCVSS 7.5EG 7.52026-03-26
goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element's ID. I…
- CVE-2026-33746CRITICALCVSS 9.8EG 9.82026-04-02
Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic signature of JWT tokens. While the method configured a symmet…
- CVE-2026-33894HIGHCVSS 7.5EG 7.52026-03-27
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, RSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low public exponent keys (e=3). Attacker…
- CVE-2026-33895HIGHCVSS 7.5EG 7.52026-03-27
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo …
- CVE-2026-34068MEDIUMCVSS 6.8EG 6.82026-04-22
nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts `UpdateValidator` transactions that set `new_voting_key=Some(...)` while omitting `new_pro…
- CVE-2026-34840HIGHCVSS 8.1EG 8.12026-04-02
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatu…
- CVE-2026-34872CRITICALCVSS 9.1EG 9.12026-04-01
An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the sh…
- CVE-2026-35205HIGHCVSS 7.8EG 7.82026-04-09
Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4.
- CVE-2026-3562HIGHCVSS 8.8EG 6.32026-03-16
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is…
- CVE-2026-3564CRITICALCVSS 9.0EG 9.02026-03-17
A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. ScreenConne…
- CVE-2026-36721CRITICALCVSS 9.8EG 9.82026-06-09
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
- CVE-2026-38651HIGHCVSS 8.2EG 8.22026-04-28
Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attacker can forge a JWT signed with any arbit…
- CVE-2026-39413MEDIUMCVSS 4.2EG 4.22026-04-08
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since t…
- CVE-2026-39829HIGHCVSS 7.5EG 7.52026-05-22
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This co…
- CVE-2026-40070HIGHCVSS 8.1EG 8.12026-04-09
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier's signature over the certificate content…
- CVE-2026-40372CRITICALCVSS 9.1EG 9.12026-04-21
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-40941MEDIUMCVSS 6.5EG 6.52026-06-25
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31.
- CVE-2026-41005CRITICALCVSS 9.0EG 9.02026-06-11
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint…
- CVE-2026-4115LOWCVSS 3.7EG 3.72026-03-22
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The at…
- CVE-2026-41301MEDIUMCVSS 5.3EG 5.32026-04-21
OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attack…
- CVE-2026-41431HIGHCVSS 8.0EG 8.02026-05-11
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The M…
- CVE-2026-41669HIGHCVSS 8.2EG 8.22026-05-07
Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature() method at both call sites (handleSSORequest() line 418 and h…
- CVE-2026-41694MEDIUMCVSS 5.3EG 3.72026-06-10
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a dec…
- CVE-2026-42193CRITICALCVSS 9.1EG 9.12026-05-08
Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or …
- CVE-2026-42462HIGHCVSS 7.0EG 7.02026-05-26
Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can make use of JSON-LD features to restructure a JSON-LD document that wou…
- CVE-2026-42501HIGHCVSS 7.5EG 7.52026-05-07
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module proxy (GOMODPROXY) or checksum database (G…
- CVE-2026-4258HIGHCVSS 7.5EG 7.52026-03-17
All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey(). An attacker can recover a victim's ECDH private key by sending c…
- CVE-2026-42602HIGHCVSS 8.1EG 8.12026-05-13
azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access token for any scope the collector's configur…
- CVE-2026-42743MEDIUMCVSS 6.5EG 6.52026-06-15
Unauthenticated Broken Authentication in Masteriyo - LMS <= 2.1.8 versions.
- CVE-2026-44309MEDIUMCVSS 5.3EG 5.32026-05-15
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking t…
- CVE-2026-44497CRITICALCVSS 9.1EG 9.12026-05-08
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash …
- CVE-2026-44699CRITICALCVSS 9.1EG 9.12026-05-15
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to ru…
- CVE-2026-44714HIGHCVSS 7.5EG 7.52026-05-15
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoi…
- CVE-2026-44720MEDIUMCVSS 6.9EG 6.92026-05-27
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access to user accounts under specific conditi…
- CVE-2026-44748CRITICALCVSS 9.9EG 9.92026-06-09
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampe…
- CVE-2026-45575HIGHCVSS 7.4EG 7.42026-05-15
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery do…
- CVE-2026-45614MEDIUMCVSS 4.7EG 4.72026-06-03
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public …
- CVE-2026-4600HIGHCVSS 7.4EG 7.42026-03-23
Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow in src/dsa-…
- CVE-2026-46349MEDIUMCVSS 5.3EG 5.32026-06-24
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activitie…
- CVE-2026-46354CRITICALCVSS 9.1EG 9.12026-05-19
Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, `azureidentity.Validate()` verifies that the PKCS#7 signer certificate chains…
- CVE-2026-46423CRITICALCVSS 9.3EG 9.32026-06-24
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response…
- CVE-2026-47201HIGHCVSS 8.5EG 8.52026-05-29
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any …
Map vulnerabilities like CWE-347 to your infrastructure
EchelonGraph correlates every CVE — across CWE-347 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →