HIGH
Pyjwt Project
CVE published 2026-03-13
CVE-2026-32597
CVE-2026-32597 is a high-severity vulnerability in PyJWT, a JSON Web Token implementation in Python. The vulnerability allows attackers to bypass critical (crit) Header Parameter validation as defined in RFC 7515 §4.1.11. Prior to version 2.12.0, PyJWT does not properly validate the crit array listing extensions it does not understand, potentially leading to security risks. This vulnerability has been fix [truncated]