JWT Header Validation Flaw in Opcenter X Affects Siemens Products
CVE-2026-56451
10CRITICAL
What is CVE-2026-56451?
A security issue has been identified in Opcenter X, where applications fail to properly validate the algorithm specified in the JSON Web Token (JWT) header. This vulnerability allows an unauthenticated remote attacker to forge arbitrary JWTs. Consequently, the attacker can bypass authentication mechanisms leading to the impersonation of any user, including those with administrative privileges. If exploited, this could grant the attacker full unauthorized access to the application and its sensitive information.
Affected Version(s)
Opcenter X 0