Lucene search
+L

46 matches found

osv
osv
added 2026/07/07 4:3 p.m.7 views

PYSEC-2026-1200 Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)

Summary Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header for example, bork or cnf that strict verifiers reject but Authlib accepts. In...

7.5CVSS6AI score0.00244EPSS
Exploits1References7
astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in pyjwt

PyJWT is an implementation of JSON Web Tokens in Python. Before version 2.12.0, PyJWT did not validate the Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a critical array listing extensions that PyJWT does not understand, the library accepts the token instead of...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References3
nessus
nessus
added 2026/06/05 12:0 a.m.13 views

RockyLinux 10 : fence-agents (RLSA-2026:19138)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19138 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...

7.5CVSS6.6AI score0.00803EPSS
Exploits2References5
redhat
redhat
added 2026/06/01 9:8 p.m.12 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS7.1AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/28 12:6 a.m.11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS5.7AI score0.00269EPSS
Exploits1References5
nessus
nessus
added 2026/05/28 12:0 a.m.14 views

RHEL 9 : fence-agents (RHSA-2026:21431)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:21431 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

8.2CVSS6.8AI score0.00341EPSS
Exploits1References6
redhat
redhat
added 2026/05/19 10:5 p.m.11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/19 4:22 p.m.12 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/06 6:40 a.m.9 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
nessus
nessus
added 2026/05/06 12:0 a.m.7 views

AlmaLinux 10 : fence-agents (ALSA-2026:13916)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13916 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...

7.5CVSS7.1AI score0.00803EPSS
Exploits2References4
debian
debian
added 2026/05/05 3:44 p.m.11 views

[SECURITY] [DLA 4564-1] pyjwt security update

Debian LTS Advisory DLA-4564-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof May 05, 2026 https://wiki.debian.org/LTS Package : pyjwt Version : 1.7.1-2+deb11u1 CVE ID : CVE-2026-32597 It was discovered that PyJWT, a Python implementation of JSON Web Token did...

7.5CVSS6.7AI score0.00269EPSS
Exploits1
redhat
redhat
added 2026/05/05 10:32 a.m.9 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/04 2:31 p.m.8 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/04 2:10 p.m.7 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
ibm
ibm
added 2026/05/04 12:30 p.m.6 views

Security Bulletin: PyJWT Fails to Validate Critical (crit) Header Parameter, Allowing Token Acceptance

Summary PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of...

7.5CVSS6.8AI score0.00269EPSS
Exploits1Affected Software1
redhat
redhat
added 2026/04/30 10:22 a.m.11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS8.5AI score0.00269EPSS
Exploits1References5
osv
osv
added 2026/04/16 10:47 a.m.6 views

SUSE-SU-2026:1400-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References3
suse
suse
added 2026/04/16 9:20 a.m.13 views

Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

8.7CVSS6.7AI score0.00269EPSS
Exploits1References4
osv
osv
added 2026/04/16 9:19 a.m.5 views

SUSE-SU-2026:1389-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/04/07 5:3 p.m.4 views

CVE-2026-35042

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token...

7.5CVSS5.9AI score0.00155EPSS
Exploits1References1
Rows per page
Query Builder