SB2026042835 - Ubuntu update for pyjwt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026042835

SB2026042835 - Ubuntu update for pyjwt

Published: April 28, 2026

Security Bulletin ID SB2026042835
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Insufficient verification of data authenticity (CVE-ID: CVE-2026-32597)

The vulnerability allows a remote attacker to bypass security policy enforcement.

The vulnerability exists due to insufficient verification of data authenticity in the PyJWT token header validation logic when processing JWS tokens with unknown critical header extensions. A remote attacker can send a specially crafted token to bypass security policy enforcement.

This can cause split-brain verification in mixed-library deployments, where other RFC-compliant libraries reject the same token.


Remediation

Install update from vendor's website.

References