PatchSiren

JanssenProject CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM JanssenProject CVE published 2026-07-16

CVE-2026-45795

The Janssen Project, an open-source identity and access management (IAM) platform, had a vulnerability in jans-auth-server where it accepted unsigned JWE request objects. This was due to JwtAuthorizationRequest skipping inner signature validation when jwe.getSignedJWTPayload() returned null, and AuthzRequestService.processRequestObject() not rejecting the unrecognized RSA-OAEP algorithm when forceSignedRe [truncated]