MEDIUM
JanssenProject
CVE published 2026-07-16
CVE-2026-45795
The Janssen Project, an open-source identity and access management (IAM) platform, had a vulnerability in jans-auth-server where it accepted unsigned JWE request objects. This was due to JwtAuthorizationRequest skipping inner signature validation when jwe.getSignedJWTPayload() returned null, and AuthzRequestService.processRequestObject() not rejecting the unrecognized RSA-OAEP algorithm when forceSignedRe [truncated]