A flaw was found in Contour. When an HTTPProxy is configured with both a fallback certificate and JWT (JSON Web Token) providers, Contour does not properly enforce JWT verification. This allows remote attackers to bypass security checks by sending requests without a valid token, specifically when clients do not provide a TLS Server Name Indication (SNI) or provide an unrecognized SNI. The consequence is unauthorized access to upstream services and potential information disclosure.
Project Subscriptions
No data.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-g3xr-5w5j-w4q4 | Contour has Improper JWT Verification for Non-SNI Requests on Virtual Hosts with Fallback Certificate Enabled |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 15 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Contour. When an HTTPProxy is configured with both a fallback certificate and JWT (JSON Web Token) providers, Contour does not properly enforce JWT verification. This allows remote attackers to bypass security checks by sending requests without a valid token, specifically when clients do not provide a TLS Server Name Indication (SNI) or provide an unrecognized SNI. The consequence is unauthorized access to upstream services and potential information disclosure. | |
| Title | contour: Contour: JWT verification bypass allows unauthorized access via HTTPProxy misconfiguration | |
| Weaknesses | CWE-295 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Projects
Sign in to view the affected projects.
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
Github GHSA