JWT Signature Validation Bypass in FactoryTalk® Services Platform by Rockwell Automation
CVE-2026-10714
8.8HIGH
Key Information:
- Vendor
Rockwell Automation
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-10714?
A security vulnerability within the FactoryTalk® Services Platform allows an attacker to bypass JWT signature validation during Okta Web Authentication. This issue arises because the application fails to properly enforce the expected JWT algorithm of RSA, allowing attackers to set the algorithm to 'none' and create forged tokens. As a result, an authenticated low-privilege user could impersonate authorized users on the FTSP server. This unauthorized access could lead to alterations in system configuration and the ability to grant permissions to protected systems, posing significant risks to security and operations.
Affected Version(s)
FactoryTalk® Services Platform Version 6.60