A vulnerability has been found in joserfc 1.3.5/1.4.1/1.4.2/1.6.7 and classified as critical. This issue affects some unknown processing of the component HS256/HS384/HS512. This manipulation causes improper authentication.

This vulnerability is registered as CVE-2026-49852. Remote exploitation of the attack is possible. No exploit is available.

The affected component should be upgraded.