CVE

CVE-2026-25554

OpenSIPS versions 3.1 through 3.6.3 (i.e. releases before 3.6.4, prior to commit 3822d33) that include the auth_jwt module contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from the presented JWT before the token's signature has been verified and concatenates the unescaped claim value directly into a SQL query. Because the claim is read from an unverified token, an attacker needs no knowledge of the signing key: a crafted JWT whose tag claim carries SQL syntax is enough to alter the query's result set, bypass JWT authentication, and impersonate arbitrary identities. Deployments that run auth_jwt without db_mode, or with a non-SQL backend, are not reachable through this path. To confirm exposure, check that the running OpenSIPS is older than 3.6.4 (or lacks commit 3822d33) and that the configuration loads auth_jwt with db_mode enabled; the fix shipped in 3.6.4 and is tracked in OpenSIPS pull request 3807.
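The two defects described above (trusting a claim before verifying the token, and concatenating that claim into SQL) are easiest to see side by side. The following is an added example written for this page, not OpenSIPS code: it builds a throwaway SQLite table, mints a forged HS256 JWT with no knowledge of the key, and shows that the vulnerable flow returns an identity while the hardened flow (verify the HMAC first, then use a bound parameter) rejects it. The table and column names, the claim-to-identity mapping, the shared secret and the function names are all constructed for the demonstration and do not reflect the module's real schema or API.

```python
"""Added example (not OpenSIPS code): authentication bypass via an unverified
JWT claim concatenated into SQL, next to the hardened flow.
The schema, secret and function names are hypothetical."""
import base64
import hashlib
import hmac
import json
import sqlite3

SECRET = b"demo-shared-secret"  # hypothetical HS256 key known only to the server


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key=None) -> str:
    """Build an HS256 JWT. With key=None the signature is junk, which is all an
    attacker without the key can produce; the payload is still fully attacker-chosen."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if key else b"\x00" * 32
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def claim_without_verification(token: str, name: str):
    """The vulnerable pattern: read a claim straight out of the payload segment."""
    _, payload, _ = token.split(".")
    return json.loads(_b64url_decode(payload)).get(name)


def claim_after_verification(token: str, name: str, key: bytes):
    """Hardened: pin the algorithm and check the HMAC over header.payload before
    trusting any claim. Returns None on any verification failure."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # refuse 'none' / algorithm-confusion headers
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    return json.loads(_b64url_decode(payload_b64)).get(name)


def setup_db() -> sqlite3.Connection:
    """Constructed stand-in for a tag -> identity lookup table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jwt_profiles (id INTEGER PRIMARY KEY, tag TEXT, username TEXT)")
    conn.executemany("INSERT INTO jwt_profiles (tag, username) VALUES (?, ?)",
                     [("tag-alice", "alice"), ("tag-bob", "bob")])
    return conn


def vulnerable_authorize(conn: sqlite3.Connection, token: str):
    """Unverified claim, string-built query: the injection point."""
    tag = claim_without_verification(token, "tag")
    row = conn.execute(f"SELECT username FROM jwt_profiles WHERE tag = '{tag}'").fetchone()
    return row[0] if row else None


def hardened_authorize(conn: sqlite3.Connection, token: str, key: bytes = SECRET):
    """Verified claim, bound parameter: the value can never change the query's structure."""
    tag = claim_after_verification(token, "tag", key)
    if tag is None:
        return None
    row = conn.execute("SELECT username FROM jwt_profiles WHERE tag = ?", (tag,)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    conn = setup_db()
    forged = make_jwt({"tag": "' OR '1'='1"}, key=None)  # no key, SQL in the tag claim
    legit = make_jwt({"tag": "tag-bob"}, key=SECRET)
    return {
        "vulnerable_forged": vulnerable_authorize(conn, forged),  # an identity, with no valid token
        "hardened_forged": hardened_authorize(conn, forged),      # None: signature check fails first
        "hardened_legit": hardened_authorize(conn, legit),        # 'bob'
    }


if __name__ == "__main__":
    print(demo())
```

Note that the hardened path fixes both defects independently: even if verification were skipped, the bound parameter alone would make the forged tag match no row, and even with string-built SQL, verifying the signature first means an attacker without the key cannot choose the claim value at all. The upstream fix should be read with that in mind; escaping the claim alone closes the injection but still leaves a claim being read from an unauthenticated token.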

CVSS Scores

CVSS Version   Severity   Base Score   Vector
4.0            High       8.3          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3.1            Medium     6.5          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Both vectors rate the issue as network-reachable with no privileges or user interaction required; the 4.0 vector records the db_mode/SQL-backend precondition as AT:P and the 3.1 vector as AC:H. Confidentiality impact is High (arbitrary identity impersonation), integrity impact Low, availability not affected.

References

https://opensips.org/pub/opensips/3.6.4/ChangeLog
https://opensips.org/
https://www.vulncheck.com/advisories/opensips-auth-jwt-sql-injection-enables-jwt-authentication-bypass
https://github.com/OpenSIPS/opensips/commit/3822d33c1c6b25832fdd88da1d23eed74be55b05
https://github.com/OpenSIPS/opensips/pull/3807

Basic Information

Base CVSS: 6.5
EPSS Probability: 0.001%
EPSS Percentile: 0.27201%
Introduced in commit: 58804282fe53b25a2d18f8bed35b8f6fc8f8a1a8
Fix commits: 2367deb8e2c408a2d38e90d80b5a9580dbdff959, 3822d33c1c6b25832fdd88da1d23eed74be55b05
