PatchSiren

Pyjwt Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Pyjwt Project CVE published 2026-03-13

CVE-2026-32597

CVE-2026-32597 is a high-severity vulnerability in PyJWT, a JSON Web Token implementation in Python. The vulnerability allows attackers to bypass critical (crit) Header Parameter validation as defined in RFC 7515 §4.1.11. Prior to version 2.12.0, PyJWT does not properly validate the crit array listing extensions it does not understand, potentially leading to security risks. This vulnerability has been fix [truncated]