CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass
CVE ID :CVE-2026-45363 Published : July 14, 2026, 10:16 p.m. | 17 minutes ago Description :ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token because...