UBUNTU-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 1 Vulnerability Details CVEID:CVE-2024-58340 DESCRIPTION: LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service ReDoS vulnerability in the MRKLOutputParser.pars...

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in PyJWT-2.10.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in PyJWT-2.10.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-45768 DESCRIPTION: pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the...

PT-2026-25090

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.12.0 Description PyJWT is a Python implementation for handling JSON Web Tokens JWT. Before version 2.12.0, the library did not properly validate the 'crit' Critical Header Parameter as defined in RFC 7515 §4.1.11...