{"vulnerability": "CVE-2026-45363", "sightings": [{"uuid": "af1c7d2f-fc13-4109-b787-5428399d772d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqnaaypv4m2v", "content": "CVE-2026-45363 - jwt\nAn attacker can forge a valid JWT token without knowing the secret key. This is possible if the key is empty, or if the keyfinder returns an empty string or nil. To prevent this,\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#jwt #timrudat #Ruby #CVE #infosec", "creation_timestamp": "2026-07-14T22:16:11.854835Z"}, {"uuid": "26e33862-a2f7-43d5-86a9-a7e156c5e735", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mqng3v7m442f", "content": "ruby-jwt CRITICAL vulnerability (CVE-2026-45363): Versions &lt;2.10.3 &amp; &lt;3.2.0 let attackers forge JWT tokens with empty HMAC keys. Upgrade to 2.10.3/3.2.0 now. \ud83d\udea8 https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #rubyjwt #CVE202645363", "creation_timestamp": "2026-07-15T00:00:43.319112Z"}, {"uuid": "d3b923ca-2333-43ff-9e2f-a067b8fa09a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-45363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116921050127676424", "content": "CVE-2026-45363: CRITICAL improper authentication in ruby-jwt (&lt;2.10.3, &lt;3.2.0) lets attackers forge JWTs with empty HMAC keys. Immediate upgrade required to 2.10.3/3.2.0. Impact: auth bypass, high integrity risk. https://radar.offseq.com/threat/cve-2026-45363-cwe-287-improper-authentication-in--588cdab561cd07ab #OffSeq #CVE202645363 #ruby #jwt #infosec", "creation_timestamp": "2026-07-15T00:00:44.533087Z"}, {"uuid": "1068df3b-d79e-4458-a8df-0f2ff4e34dd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45363", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mqnn7o72j22i", "content": "CVE-2026-45363 - `jwt` (Ruby gem) - empty-key HMAC bypass\nCVE ID : CVE-2026-45363\n \n Published : July 14, 2026, 10:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : ruby-jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. Prior to 2.10.3 and 3.2.0, JWT...", "creation_timestamp": "2026-07-15T02:08:06.573441Z"}]}