CVE-2026-31946 | OpenOlat up to 20.2.4 JWKS Endpoint JSONWebToken.parse improper authentication (GHSA-v8vp-x4q4-2vch)

A vulnerability labeled as critical has been found in OpenOlat up to 20.2.4. Affected by this vulnerability is the function JSONWebToken.parse of the component JWKS Endpoint. Such manipulation leads to improper authentication.

This vulnerability is documented as CVE-2026-31946. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More