SB2026043009 - IBM Watson Discovery Cartridge update for PyJWT

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026043009

SB2026043009 - IBM Watson Discovery Cartridge update for PyJWT

Published: April 30, 2026

Security Bulletin ID SB2026043009
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Insufficient verification of data authenticity (CVE-ID: CVE-2026-32597)

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass security policy enforcement.

The vulnerability exists due to insufficient verification of data authenticity in the PyJWT token header validation logic when processing JWS tokens with unknown critical header extensions. A remote attacker can send a specially crafted token to bypass security policy enforcement.

This can cause split-brain verification in mixed-library deployments, where other RFC-compliant libraries reject the same token.


Remediation

Install update from vendor's website.

References