DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-6VVH-PXR4-25R7: GHSA-6vvh-pxr4-25r7: Cryptographic Integrity Degradation in JWT Framework ChaCha20-Poly1305 Key Encryption

#security #cve #cybersecurity #ghsa

GHSA-6vvh-pxr4-25r7: Cryptographic Integrity Degradation in JWT Framework ChaCha20-Poly1305 Key Encryption

Vulnerability ID: GHSA-6VVH-PXR4-25R7
CVSS Score: 5.9
Published: 2026-06-18

An implementation flaw in the experimental Chacha20Poly1305 key-encryption algorithm within the PHP JWT Framework (web-token/jwt-framework) discards the Poly1305 authentication tag during key wrapping and omits it during decryption. This degrades the Authenticated Encryption with Associated Data (AEAD) protection to unauthenticated ChaCha20, allowing an attacker to manipulate the encrypted Content Encryption Key (CEK) without detection.

TL;DR

The PHP JWT Framework fails to store and verify the Poly1305 authentication tag for experimental ChaCha20-Poly1305 key encryption. This degrades the algorithm to an unauthenticated stream cipher, making the encrypted key malleable to bit-flipping attacks.

⚠️ Exploit Status: POC

Technical Details

  • Vulnerability Type: Cryptographic Integrity Degradation
  • CWE ID: CWE-353, CWE-347
  • Attack Vector: Adjacent Network
  • CVSS v4.0 Score: 5.9 (Medium)
  • Exploit Status: PoC / Regression Tests Available
  • CISA KEV Status: Not Listed

Affected Systems

  • web-token/jwt-experimental
  • web-token/jwt-library
  • web-token/jwt-library: >= 3.3.0, < 3.4.10 (Fixed in: 3.4.10)
  • web-token/jwt-library: >= 4.0.0, < 4.0.7 (Fixed in: 4.0.7)
  • web-token/jwt-library: >= 4.1.0, < 4.1.7 (Fixed in: 4.1.7)

Mitigation Strategies

  • Upgrade web-token/jwt-library to a patched version (3.4.10, 4.0.7, or 4.1.7).
  • Remove Chacha20Poly1305 from the AlgorithmManager if patching is not immediately feasible.

Remediation Steps:

  1. Run 'composer update web-token/jwt-library' to fetch the latest secure release.
  2. Verify dependencies to ensure no legacy vulnerable experimental packages remain active.
  3. Audit JWE configurations to confirm only secure, standardized algorithms (like AES-GCM or AES-KW) are enabled.

References

Read the full report for GHSA-6VVH-PXR4-25R7 on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)