Advisories for Gem/Jwt package

2026

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decode(token, '', true, algorithm: 'HS256') accepts an attacker-forged token. OpenSSL::HMAC.digest('SHA256', '', payload) returns a valid digest under an empty key, and no precondition of the form "raise InvalidKeyError if key.empty?" exists in the HMAC algorithm. The verification path is:

JWT.decode(token, "", true, algorithm: 'HS256')
  -> JWA::Hmac.verify(verification_key: "", …)
  -> OpenSSL::HMAC.digest('SHA256', "", signing_input) == signature

The same path is reached when a keyfinder block or key_finder: argument returns "", nil, or an array containing nil for an unknown …