MEDIUM
nuts-foundation
CVE published 2026-05-26
CVE-2026-41164
CVE-2026-41164 is a MEDIUM severity (CVSS 4.4) vulnerability in nuts-node, the reference implementation of the Nuts specification. Published on 2026-05-26, this issue affects versions prior to 6.2.3 and 5.4.31. The vulnerability resides in the v1 access token introspection endpoint (/auth/v1/introspect_access_token), which accepts any JWT signed by a key present on the node without validating the JWT type [truncated]