RockyLinux 10 : fence-agents (RLSA-2026:19138)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19138 advisory. pyjwt: PyJWT accepts unknown crit header extensions RFC 7515 ?4.1.11 MUST violation CVE-2026-32597 pyasn1: pyasn1 Vulnerable to Denial of Service via...

CVE-2026-32597 PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

EUVD-2025-30790

Malicious code in bioql PyPI...

CVE-2025-59420

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters crit, violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical...