14 matches found
Important: Red Hat Security Advisory: fence-agents security update
An update for fence-agents is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Important) (RHSA-2026:34160)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:34160 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Manage...
Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2026-1842)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1842 advisory. PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate u...
CVE-2026-48526 vulnerabilities
Vulnerabilities for packages: datadog-agent, superset, ggshield, kserve...
RockyLinux 9 : fence-agents (RLSA-2026:26206)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26206 advisory. python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens CVE-2026-48526 Tenable has extracted the preceding description block directly from the...
fence-agents security update
An update is available for fence-agents. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling...
RLSA-2026:25902 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Token...
RHEL 9 : fence-agents (RHSA-2026:26206)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26206 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable...
ALSA-2026:26206 Important: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Token...
RHEL 10 : fence-agents (RHSA-2026:25902)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25902 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachabl...
python311-PyJWT-2.13.0-1.1 on GA media (moderate)
python311-PyJWT-2.13.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:11024-1 Rating: moderate Cross-References: CVE-2026-48522 CVE-2026-48523 CVE-2026-48524 CVE-2026-48525 CVE-2026-48526 CVSS scores: CVE-2026-48522 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2026-48522 SUSE :...
Linux Distros Unpatched Vulnerability : CVE-2026-48526
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC...
CVE-2026-48526
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...
CVE-2026-48526
creationtimestamp| type| source ---|---|--- 2026-05-21 20:35:04+00:00| published-proof-of-concept| https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx 2026-05-28 17:38:22+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwksx74os2e 2026-06-04 08:21:13+00:00|...