CyberRota
← Ana sayfaya dön

CVE-2026-50627

CRITICAL · CVSS 9.1 EPSS %0.39

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-12T10:16:22.587 · Çekilme zamanı: 2026-06-30T12:18:00.773411+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-50627
Severity
CRITICAL
CVSS
9.1
EPSS
%0.39
Apache

Orijinal NVD Açıklaması

The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issued for one Resource Server to be successfully replayed against a completely different Resource Server, leading to Token Confusion/Routing attacks. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.