CVE-2026-32301 | centrifugal centrifugo up to 6.6.x JWKS Endpoint iss/aud server-side request forgery

A vulnerability classified as critical has been found in centrifugal centrifugo up to 6.6.x. Affected is an unknown function of the component JWKS Endpoint. Performing a manipulation of the argument iss/aud results in server-side request forgery.

This vulnerability is identified as CVE-2026-32301. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More