PT-2026-44395
Name of the Vulnerable Software and Affected Versions PyJWT versions 2.9.0 through 2.12.1 Description A verifier-side algorithm allow-list bypass occurs when jwt.decode or jwt.decode complete are called with a PyJWK key. While the token header alg is checked against the provided algorithms...