Skip to main content
JWT Attacks in 2026: Algorithm Confusion, None Algorithm, and Key Confusion — G8KEPR Blog
Back to Blog
Security8 min readApril 18, 2026

JWT Attacks in 2026: Algorithm Confusion, None Algorithm, and Key Confusion

JSON Web Tokens are everywhere in API authentication and almost everywhere implemented with at least one exploitable weakness. The attacks have not changed much since 2018 — but the blast radius has grown as JWTs now gate LLM access, agent sessions, and multi-tenant data.

JWT attacks are not new. The 'none' algorithm vulnerability was documented in 2015. Algorithm confusion (RS256 vs HS256) was well-understood by 2017. But in 2026, JWTs are used to gate access to AI model APIs, MCP sessions, and multi-tenant data — so the blast radius of a JWT bypass is larger than it has ever been.

Attack 1: The None Algorithm

The JWT spec includes an "alg: none" value indicating an unsigned token. A vulnerable implementation that accepts this will process any token without verifying its signature. An attacker crafts a token with admin-level claims, sets alg to none, removes the signature, and submits it. If the server accepts it, the attacker is authenticated as whatever they claim.

Fix

Explicitly reject tokens with alg: none. Never implement algorithm selection from the token header — the allowed algorithms should be a fixed server-side configuration.

Attack 2: Algorithm Confusion (RS256 → HS256)

RSA-signed tokens (RS256) use a private key to sign and a public key to verify. If a server accepts both RS256 and HS256 (HMAC), an attacker can take the public key — which is public, hence the name — and use it as the HMAC secret to sign a modified token. The server, expecting RS256 but receiving HS256, may verify the HMAC with the public key and accept it.

Fix

Use a single fixed algorithm. Do not accept tokens signed with any algorithm other than the one you configured. The algorithm is not a token-level decision.

Attack 3: Key Confusion via JWK Header

The JWT spec allows a jwk header claim that embeds the public key used for verification. A vulnerable implementation that trusts the jwk header allows an attacker to embed their own key in the token and sign it with the corresponding private key. The server verifies the signature against the attacker-supplied key and accepts it.

Fix

Never trust key material from the token itself. The verification key must come from your own key store, not from the token being verified.

G8KEPR validates JWT algorithm and signature on every inbound request before the request reaches any handler. Algorithm confusion attempts are logged as high-severity events with full token metadata for forensics.

Related reading

API Keys vs JWT vs mTLS vs OAuth: Choosing the Right Pattern

A decision framework for picking the right authentication mechanism based on caller type, trust level, and operational constraints.

Related reading

API Key Security: Leakage Vectors and Response Playbooks

JWTs are often the right choice — but API keys are still widely used and have their own distinct attack surface.

Validate every JWT before it reaches your handlers

G8KEPR catches algorithm confusion, signature bypasses, and expired tokens at the gateway layer — with full forensic logging on every rejected request.

Start free trial
ShareX / TwitterLinkedIn

Related Articles

Security

G8KEPR Red Team Run 4: What We Found and What We Fixed

12 min read
Security

MCP Security in 2026: How to Sandbox AI Tool Calls

10 min read
Security

What Is Model Context Protocol (MCP) and Why Does It Need Security?

6 min read

Ready to secure your AI stack?

14-day free trial — full platform access, no credit card required. Early access members get pricing locked in forever.

Start Free TrialTalk to the Team