← Volver a CVEs
CVE-2026-32597
HIGH7.5
Descripcion
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/13/2026
Ultima modificacion3/19/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
pyjwt_project:pyjwt
Debilidades (CWE)
CWE-345CWE-863
Referencias
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f(security-advisories@github.com)
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.