CVE-2026-48522
PyJWKClient in PyJWT prior to 2.13.0 passes its uri argument directly to urllib.request.urlopen(), allowing attacker-controlled jku URLs to trigger SSRF and related token-forgery scenarios via file://, ftp://, or data: schemes. Affected component: PyJWKClient (Python). Root cause: lack of a schem...