CVE-2026-48522 jpadilla CVE debrief

PyJWT's PyJWKClient prior to version 2.13.0 accepts arbitrary URI schemes through its uri parameter, which is passed directly to urllib.request.urlopen(). This allows attacker-influenced URLs to trigger unintended protocol handlers including file://, ftp://, and data:// schemes. The vulnerability creates Server-Side Request Forgery (SSRF) conditions where an attacker can read arbitrary local files or cause unexpected network requests when the application passes untrusted input (such as JWT jku headers, configuration values, or OAuth parameters) to PyJWKClient. Successful exploitation for token forgery requires additional application-layer weaknesses, including attacker write access to filesystem paths and flawed jku URL derivation logic that the PyJWT fix does not address. The CVSS 3.1 score of 4.2 (Medium) reflects the attack complexity and user interaction requirements.

Vendor: jpadilla
Product: pyjwt
CVSS: MEDIUM 4.2
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Development teams using PyJWT for JWT verification with PyJWKClient, particularly those accepting dynamic or attacker-influenced jku URLs; security engineers reviewing authentication implementations; DevOps teams managing Python dependency updates

Technical summary

The PyJWKClient class in PyJWT versions prior to 2.13.0 does not restrict URI schemes when fetching JSON Web Key Sets. The uri parameter passes directly to urllib.request.urlopen(), enabling file://, ftp://, and data:// protocol handlers. Attackers controlling jku header values or configuration-derived URIs can induce local file reads or unintended network requests. Token forgery exploitation requires supplementary application flaws including filesystem write access and insecure jku derivation. Fixed in PyJWT 2.13.0.

Defensive priority

Medium

Recommended defensive actions

  • Upgrade PyJWT to version 2.13.0 or later to obtain scheme restriction controls
  • Validate and sanitize all URI inputs passed to PyJWKClient before instantiation, rejecting non-HTTP(S) schemes at the application layer
  • Implement allowlist-based URL validation for any attacker-influenced jku header values or configuration-derived URIs
  • Review application logic that derives jku URLs from untrusted sources; ensure filesystem write permissions do not overlap with paths used in jku resolution
  • Monitor for anomalous outbound requests from applications using PyJWKClient, particularly file:// and ftp:// scheme attempts
  • Conduct code review of JWT verification implementations to identify custom PyJWKClient instantiations with user-controlled URIs
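One way to apply the application-layer scheme and host allowlisting recommended above, as an added example that is not part of the advisory or of PyJWT itself; the trusted host name (login.example.com) and the helper names are assumptions, and the check is enforced before PyJWKClient is ever constructed, so it holds on any PyJWT version:

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only JWKS host the application trusts.
ALLOWED_JWKS_HOSTS = frozenset({"login.example.com"})
ALLOWED_SCHEMES = frozenset({"https"})


def validate_jwks_uri(uri, allowed_hosts=ALLOWED_JWKS_HOSTS,
                      allowed_schemes=ALLOWED_SCHEMES):
    """Return the cleaned uri if it is an allowlisted https URL, else raise ValueError."""
    if not isinstance(uri, str) or not uri.strip():
        raise ValueError("jwks uri must be a non-empty string")
    uri = uri.strip()
    parts = urlsplit(uri)
    # urlsplit lowercases the scheme, so 'FILE://', 'Ftp://' and 'Data:' are caught too.
    if parts.scheme not in allowed_schemes:
        raise ValueError(f"disallowed scheme {parts.scheme!r} in jwks uri")
    # .hostname drops userinfo and port, so 'https://good@evil.example.com/' yields the
    # real target 'evil.example.com' rather than the decoy before the '@'.
    host = parts.hostname
    if host is None or host.lower() not in allowed_hosts:
        raise ValueError(f"jwks host {host!r} is not in the allowlist")
    # Reject embedded credentials outright; a legitimate jku never carries them.
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials are not allowed in a jwks uri")
    return uri


def jwks_uri_allowed(uri, allowed_hosts=ALLOWED_JWKS_HOSTS):
    """Boolean form of validate_jwks_uri, convenient for tests and logging decisions."""
    try:
        validate_jwks_uri(uri, allowed_hosts)
        return True
    except ValueError:
        return False


def make_jwks_client(uri, allowed_hosts=ALLOWED_JWKS_HOSTS):
    """Build a PyJWKClient only for a uri that passed validation.

    Assumes PyJWT is installed; the import is lazy so the validator runs without it.
    A caller that takes the uri from a token's unverified header
    (jwt.get_unverified_header(token)["jku"]) must route it through here first.
    """
    from jwt import PyJWKClient
    return PyJWKClient(validate_jwks_uri(uri, allowed_hosts))
```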

Evidence notes

CVE published 2026-05-28T16:16:29.150Z; modified 2026-05-28T18:03:16.223Z. Advisory references GitHub Security Advisory GHSA-993g-76c3-p5m4. CWE-441 (Unintended Proxy or Intermediary) and CWE-918 (Server-Side Request Forgery) identified. Fix version 2.13.0 confirmed.

Official resources

2026-05-28