A vulnerability has been found in joserfc 1.3.5/1.4.1/1.4.2/1.6.7 and classified as critical. This issue affects some unknown processing of the component HS256/HS384/HS512. This manipulation causes improper authentication.
This vulnerability is registered as CVE-2026-49852. Remote exploitation of the attack is possible. No exploit is available.
The affected component should be upgraded.