Back to overview

CVE-2026-9537

Description
Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies with the number of matching leading bytes. A caller that decodes attacker supplied tokens leaks the expected signature through this timing variation, which can be aggregated over many requests to recover the signature and forge a token.

Metadata

CVE ID
CVE-2026-9537
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-05-25 20:46 UTC
Published
2026-07-17 15:29 UTC
Last updated
2026-07-17 17:25 UTC
Primary CWE
CWE-208
CWE-208 Observable Timing Discrepancy
Vendor / Product
JBERGER / Mojo::JWT
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
JBERGER Mojo::JWT 0 < 1.02
Weakness (CWE)
CWESourceDescription
CWE-208 cna CWE-208 Observable Timing Discrepancy
Back to overview