Home / Vulnerability Intelligence / CVE-2026-27932

CVE-2026-27932 - Vulnerability Analysis

HighCVSS: 7.5

Last Updated: March 5, 2026

joserfc - Denial of Service

Published: March 3, 2026Updated: March 5, 2026PoC AvailableRemote Exploitable

Overview

joserfc <= 1.6.2 contains a resource exhaustion vulnerability caused by unbounded p2c parameter in PBES2 during JWE decryption, letting unauthenticated attackers cause denial of service via CPU exhaustion, exploit requires crafted JWE token with large iteration count.

Severity & Score

Severity: High

CVSS Score: 7.5

EPSS Score: 3.3%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can cause denial of service by exhausting CPU resources during token decryption.

Mitigation

Update to the latest version of joserfc that validates and bounds the p2c parameter.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 4, 2026

🟠 CVE-2026-27932 - High (7.5) joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial o... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27932/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-27932
Severity: High
CVSS Score: 7.5
Type: denial_of_service
Status: confirmed
EPSS: 3.3%
Social Posts: 1

CWE

CWE-770

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

3.3%Probability of exploitation in the next 30 days