CVE-2026-9537
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/07/2026
Last modified:
17/07/2026
Description
Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison.<br />
<br />
The decode() method compares the supplied signature to the recomputed HMAC with Perl&#39;s eq operator, which stops at the first differing byte, so the comparison time varies with the number of matching leading bytes.<br />
<br />
A caller that decodes attacker supplied tokens leaks the expected signature through this timing variation, which can be aggregated over many requests to recover the signature and forge a token.



