JWT Validation Vulnerability in Perry by PerryTS
CVE-2026-53776

9.3 CRITICAL

Key Information:

Vendor: Perryts
Status: Vendor
CVE Published: 16 June 2026

What is CVE-2026-53776?

Perry before version 0.5.1166 is susceptible to a JWT validation vulnerability that remote attackers can exploit through an improperly configured validation setting. The 'validate_exp' parameter in the verify_decode helper is mistakenly set to false, so token expiration is never checked. As a result, an attacker holding a previously issued bearer token can keep authenticating with it during jwt.verify() calls after it has expired. This gives persistent access to the application and undermines session-management controls such as user logout and administrative session revocation.
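The misconfiguration described above, as an added example that is not Perry's own code: a minimal HS256 verifier (standard library only) whose verify_decode helper takes the same validate_exp switch, shown accepting an expired token when the flag is false and rejecting it when it is true. The secret, claims and timestamps are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; not a value from the advisory or from Perry.
SECRET = b"demo-secret-not-from-the-advisory"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint an HS256 JWT for the demo (constructed issuer, not Perry's)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_decode(token: str, secret: bytes, validate_exp: bool = True, now=None) -> dict:
    """Check the signature, then the exp claim unless validate_exp is False.

    validate_exp=False reproduces the advisory's weak setting: an expired token
    still decodes. The safe default is True. Raises ValueError on any failure.
    """
    header, payload, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    if validate_exp:
        # A token without exp has no lifetime at all, so treat that as a failure too.
        if "exp" not in claims:
            raise ValueError("exp claim missing")
        if (time.time() if now is None else now) >= claims["exp"]:
            raise ValueError("token expired")
    return claims


def is_accepted(token: str, secret: bytes, validate_exp: bool, now: float) -> bool:
    """True if verify_decode accepts the token under the given setting."""
    try:
        verify_decode(token, secret, validate_exp=validate_exp, now=now)
        return True
    except ValueError:
        return False
```

A detection angle follows from the same check: log the exp claim of every accepted token and alert when it lies in the past, which is exactly what a verifier with validate_exp disabled will let through.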

Affected Version(s)

perry 0

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Katriel Moses, VulnCheck