CVE-2026-39373 Overview
CVE-2026-39373 is a Memory Exhaustion vulnerability affecting JWCrypto, a Python library that implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. This vulnerability represents an incomplete fix for CVE-2024-28102, which limited input token size to 250KB but failed to validate the decompressed output size.
Critical Impact
Unauthenticated attackers can cause memory exhaustion on memory-constrained systems. A token under the 250KB input limit can decompress to approximately 100MB, creating a significant amplification factor for denial of service attacks.
Affected Products
- JWCrypto versions prior to 1.5.7
- Applications using JWCrypto for JWE token processing with ZIP compression enabled
- Python services implementing JWT/JWE authentication using vulnerable JWCrypto versions
Discovery Timeline
- 2026-04-07 - CVE-2026-39373 published to NVD
- 2026-04-08 - Last updated in NVD database
Technical Details for CVE-2026-39373
Vulnerability Analysis
This vulnerability (CWE-409: Improper Handling of Highly Compressed Data) stems from inadequate validation of decompressed data size in JWE token processing. The JWE specification allows for optional ZIP compression of payload content before encryption. While a previous patch addressed unbounded input by limiting token size to 250KB, it overlooked the compression ratio problem.
An attacker can craft a highly compressed payload that appears small when encrypted but expands dramatically upon decompression. This classic "zip bomb" or "decompression bomb" technique exploits the asymmetry between compressed and decompressed data sizes. In this case, the amplification factor allows approximately 400x expansion (250KB to ~100MB), making it an effective vector for resource exhaustion attacks.
Root Cause
The root cause is the missing validation of decompressed output size in the JWE decryption routine. The existing mitigation from CVE-2024-28102 only enforced input size limits without considering the output size after decompression. The code path responsible for handling ZIP-compressed JWE payloads decompresses data into memory without bounds checking on the resulting buffer size.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker sends crafted JWE tokens to any endpoint that processes JWE tokens using a vulnerable JWCrypto version. The attack is particularly effective against:
- Memory-constrained environments (containers, serverless functions)
- Services with multiple concurrent token processing threads
- Applications without rate limiting on authentication endpoints
The attacker constructs a JWE token with a highly compressible payload (such as repeated null bytes or patterns) that compresses well below 250KB but decompresses to significantly larger sizes. When the server attempts to decrypt and decompress the token, it allocates memory proportional to the decompressed size, potentially exhausting available memory.
Detection Methods for CVE-2026-39373
Indicators of Compromise
- Unusual memory consumption spikes on services processing JWE tokens
- Multiple failed or slow authentication requests from single sources
- JWE tokens with ZIP compression headers arriving in high volume
- Application crashes or out-of-memory errors in JWCrypto-dependent services
Detection Strategies
- Monitor memory usage patterns on services that process JWE tokens
- Implement logging for JWE token processing that captures compression header presence
- Deploy application performance monitoring (APM) to detect memory exhaustion patterns
- Review access logs for repeated requests containing JWE tokens from suspicious sources
Monitoring Recommendations
- Set up alerts for memory usage thresholds on authentication services
- Monitor for sudden increases in JWE token processing times
- Track the ratio of successful to failed token validations
- Implement rate limiting monitoring on endpoints accepting JWE tokens
How to Mitigate CVE-2026-39373
Immediate Actions Required
- Upgrade JWCrypto to version 1.5.7 or later immediately
- Implement rate limiting on endpoints that accept JWE tokens
- Consider disabling ZIP compression support if not required by your application
- Review memory limits and resource quotas for affected services
Patch Information
The vulnerability is fixed in JWCrypto version 1.5.7. The patch adds validation of the decompressed output size, preventing the memory exhaustion condition. Organizations should update their dependencies using their package manager:
# Upgrade JWCrypto to the patched version (quote the spec so the shell does not treat ">=" as a redirect)
pip install --upgrade 'jwcrypto>=1.5.7'
# Verify the installed version
pip show jwcrypto | grep Version
For detailed information about the fix, refer to the GitHub Security Advisory.
Workarounds
- Implement application-level memory limits for token processing operations
- Add a reverse proxy or WAF rule to limit JWE token payload sizes
- Disable ZIP compression in JWE processing if application requirements permit
- Deploy resource quotas (cgroups, container limits) to prevent memory exhaustion from affecting other services
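The following is an added example, not code from JWCrypto or from this advisory. It shows the two checks the detection and patch sections describe: reading the cleartext protected header to log or reject tokens that carry "zip":"DEF" (JWE's DEFLATE compression, which zlib reads as raw deflate with wbits=-15), and an inflate routine that stops as soon as the decompressed output exceeds a cap, the kind of bound the 1.5.7 fix adds. The 1 MiB cap and 64 KiB chunk size are assumptions chosen for illustration.

```python
import base64
import json
import zlib

# Upper bound on decompressed plaintext. The 1.5.7 fix adds an equivalent check
# inside JWCrypto; this value is an illustrative assumption, not the library's.
MAX_DECOMPRESSED = 1024 * 1024  # 1 MiB
CHUNK = 64 * 1024  # inflate at most this much per step

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def deflate(raw: bytes) -> bytes:
    """Raw DEFLATE (wbits=-15), the form JWE "zip":"DEF" carries.
    Used only to build constructed test input for the bound below."""
    c = zlib.compressobj(level=9, wbits=-15)
    return c.compress(raw) + c.flush()

def jwe_uses_compression(token: str) -> bool:
    """True if a compact JWE's protected header (first segment, cleartext)
    carries "zip":"DEF". Cheap to evaluate before decryption, so it can feed
    the compression-header logging the detection section recommends."""
    header = json.loads(b64url_decode(token.split(".")[0]))
    return header.get("zip") == "DEF"

def bounded_inflate(data: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Inflate raw DEFLATE in fixed-size chunks and abort as soon as the
    output would exceed `limit`, so a small token cannot force a ~100MB
    allocation the way an unbounded zlib.decompress() call does."""
    d = zlib.decompressobj(wbits=-15)
    out = bytearray()
    chunk = d.decompress(data, CHUNK)
    while chunk:
        out += chunk
        if len(out) > limit:
            raise ValueError(f"decompressed payload exceeds {limit} bytes")
        chunk = d.decompress(d.unconsumed_tail, CHUNK)
    out += d.flush()
    if len(out) > limit:
        raise ValueError(f"decompressed payload exceeds {limit} bytes")
    return bytes(out)
```

With a constructed input of 4 MiB of null bytes (the pattern the advisory names), deflate() yields a few KB, far below the 250KB input limit, yet bounded_inflate() rejects it with ValueError after inflating just over 1 MiB rather than allocating the whole expansion.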
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

