Main Vulnerability Database SB20260427133

SB20260427133 - SUSE update for python-PyJWT

Published: April 27, 2026

Security Bulletin ID SB20260427133

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Insufficient verification of data authenticity (CVE-ID: CVE-2026-32597)

The vulnerability allows a remote attacker to bypass security policy enforcement.

The vulnerability exists due to insufficient verification of data authenticity in the PyJWT token header validation logic when processing JWS tokens with unknown critical header extensions. A remote attacker can send a specially crafted token to bypass security policy enforcement.

This can cause split-brain verification in mixed-library deployments, where other RFC-compliant libraries reject the same token.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20261400-1/

SB20260427133 - SUSE update for python-PyJWT

Breakdown by Severity

Description

Remediation

References

Please verify you're human