System.IdentityModel.Tokens.Jwt is vulnerable to Information Disclosure
Medium Risk
When System.IdentityModel.Tokens.Jwt validates or creates JWTs, large claim sets rent oversized buffers from the shared ArrayPool and previously decoded beyond the written payload, so stale pool bytes could be parsed as claims. Token encoding and utility paths also returned pooled arrays without clearing them, leaving header, payload, and signing bytes in the shared pool for later operations in the same process. An attacker who can submit JWTs to a shared host may influence pool reuse timing and recover residual sensitive bytes from prior token handling. Version 8.19.0 slices rented buffers to the decoded size and clears pooled arrays on return across the affected JWT paths.
You are affected if you are using a version that falls within the vulnerable range.
System.IdentityModel.Tokens.Jwt is vulnerable to Information Disclosure in versions 8.0.0 - 8.18.0.
Upgrade the System.IdentityModel.Tokens.Jwt library to the patched version (8.19.0 or later).
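An added illustration, not code from System.IdentityModel.Tokens.Jwt: a hypothetical base64url payload decoder that carries both defects the advisory describes (parsing the whole rented array and returning it uncleared), next to the corrected form that slices to the decoded length and clears on return. The class and method names and the sample claims are assumptions.

```csharp
using System;
using System.Buffers;
using System.Text;
// Hypothetical decoder (added here, not the library's code) showing both defects and the fix.
static class JwtPayloadDecode
{
    // base64url -> padded standard base64 so Convert can decode it
    static string ToBase64(string b64url)
    {
        string s = b64url.Replace('-', '+').Replace('_', '/');
        return s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
    }
    // VULNERABLE: parses the whole rented array (bytes past 'written' are stale pool
    // contents) and returns it uncleared, so this token's claims stay in the pool.
    public static string DecodeUnsafe(string b64url)
    {
        string b64 = ToBase64(b64url);
        byte[] buf = ArrayPool<byte>.Shared.Rent(b64.Length); // rounded up to a pool bucket
        Convert.TryFromBase64String(b64, buf, out int written);
        string json = Encoding.UTF8.GetString(buf);           // BUG: ignores 'written'
        ArrayPool<byte>.Shared.Return(buf);                   // BUG: clearArray defaults to false
        return json;
    }
    // FIXED: slice to the decoded length and clear the array on return.
    public static string DecodeSafe(string b64url)
    {
        string b64 = ToBase64(b64url);
        byte[] buf = ArrayPool<byte>.Shared.Rent(b64.Length);
        try
        {
            if (!Convert.TryFromBase64String(b64, buf, out int written))
                throw new FormatException("invalid base64url payload");
            return Encoding.UTF8.GetString(buf.AsSpan(0, written)); // only the decoded bytes
        }
        finally
        {
            ArrayPool<byte>.Shared.Return(buf, clearArray: true);   // scrub before reuse
        }
    }
    static void Main()
    {
        // Constructed claims; both rent from the 64-byte bucket, so the second call typically gets back the array the first returned uncleared.
        string first  = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"sub\":\"alice\",\"secret\":\"hunter2\"}")).TrimEnd('=');
        string second = Convert.ToBase64String(Encoding.UTF8.GetBytes("{\"sub\":\"bob\",\"role\":\"user\"}")).TrimEnd('=');
        DecodeUnsafe(first);
        Console.WriteLine(DecodeUnsafe(second)); // may carry residue of the first payload
        Console.WriteLine(DecodeSafe(second));   // {"sub":"bob","role":"user"}
    }
}
```

Whether the second unsafe call actually sees residue depends on the pool's per-thread caching, which is exactly the reuse timing the advisory says an attacker may influence; the safe variant is correct regardless.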