CVE-2026-32597 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. W…
High CVSS: 7.5

CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.
Vendor
Pyjwt Project
Product
Pyjwt
CWE
CWE-345
Yayın Tarihi
2026-03-13 19:55:09
Güncelleme
2026-03-19 13:30:29
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-345 Pyjwt HIGH Pyjwt Project 2026

Referanslar

https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f