Description
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen(), which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no documented option to restrict which schemes PyJWKClient will fetch. If an application's jku URL ingestion path accepts attacker-influenced URLs (e.g., from a JWT header, configuration file, or OAuth flow parameter), the attacker can cause PyJWKClient to read arbitrary local files via file:// (SSRF on the local filesystem), cause PyJWKClient to attempt FTP / data-URI fetches (broader SSRF surface), or forge tokens that PyJWT verifies as valid. The library does not directly return non-HTTP(S) URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws (attacker write access to a filesystem path, untrusted jku derivation) that this fix does not address. This vulnerability is fixed in 2.13.0.
Published: 2026-05-28
Score: 4.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PyJWT did not restrict the URI scheme used by PyJWKClient when resolving a JWKS endpoint. Because the library forwards the supplied URI directly to urllib.request.urlopen(), attackers who can influence the jku value (through a JWT header, config file, or OAuth parameter) may cause the library to attempt requests to file://, ftp:// or data: URLs. This yields server‑side request forgery against local files or remote FTP resources, and if an attacker can also write to a path that will later be served as a JWKS document, they could forge a JWT that the library would accept. The library itself does not return non‑HTTP content to the attacker, so the direct impact is limited to SSRF and the prerequisite for token forgery.

Affected Systems

Applications built on the jpadilla:PyJWT package that use PyJWKClient before version 2.13.0 are vulnerable. Any Python project that imports PyJWT and relies on PyJWKClient with potential user‑controlled jku URI inputs is at risk.

Risk and Exploitability

The CVSS score of 4.2 indicates moderate severity, but the EPSS score is not available and the vulnerability is not listed in KEV, suggesting that exploitation is unlikely at present. The attack requires an attacker to influence the jku value and to target a code path where JWTs are parsed. The vulnerability alone does not allow arbitrary file reading or token forging; further application flaws such as write access to a JWKS file or lack of input validation are needed. Nonetheless, the presence of non‑HTTP schemes exposes a surface for local or remote SSRF.

Generated by OpenCVE AI on May 28, 2026 at 16:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to PyJWT 2.13.0 or later, which implements a scheme whitelist and restricts file://, ftp://, and data: protocols.
  • Restrict or validate any attacker‑influenced jku URLs in your application code; accept only https:// or other trusted schemes, and reject or neutralize file://, ftp://, and data: URLs.
  • Review and audit application logic to ensure that jku values cannot be derived from untrusted data, constrain file‑system write permissions, and configure the library’s optional allow‑list feature if available.
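The jku allow-list check the recommended actions describe, as an added example that is not PyJWT's own code: validate_jwks_uri() and UnsafeJwksUri are names assumed here, and the sample URIs are constructed. It rejects the file://, ftp:// and data: schemes the advisory names (and anything else not on the allow-list) before the URI is ever handed to PyJWKClient, so the check also protects deployments still on versions before 2.13.0.

```python
from urllib.parse import urlsplit

# Added example, not PyJWT's own code. A jku / JWKS URI must pass this check
# before it is passed to PyJWKClient, which before 2.13.0 forwarded the URI to
# urllib.request.urlopen() and its default file/ftp/data handlers.
ALLOWED_SCHEMES = frozenset({"https"})


class UnsafeJwksUri(ValueError):
    """Raised when a JWKS URI fails the scheme / host allow-list."""


def validate_jwks_uri(uri, allowed_hosts=None, allowed_schemes=ALLOWED_SCHEMES):
    """Return the stripped URI if it is safe to fetch, else raise UnsafeJwksUri.

    allowed_hosts: optional collection of hostnames the JWKS may be served
    from; when given, any other host is rejected even over https.
    """
    if not isinstance(uri, str) or not uri.strip():
        raise UnsafeJwksUri("JWKS URI must be a non-empty string")
    uri = uri.strip()
    parts = urlsplit(uri)          # scheme is lower-cased by urlsplit
    if parts.scheme not in allowed_schemes:
        raise UnsafeJwksUri(f"scheme {parts.scheme!r} not allowed for JWKS fetch")
    host = parts.hostname          # None for data: and for file:///path
    if not host:
        raise UnsafeJwksUri("JWKS URI has no network host")
    if parts.username or parts.password:
        raise UnsafeJwksUri("credentials embedded in JWKS URI are not allowed")
    if allowed_hosts is not None and host not in {h.lower() for h in allowed_hosts}:
        raise UnsafeJwksUri(f"host {host!r} is not in the JWKS allow-list")
    return uri


def is_safe_jwks_uri(uri, allowed_hosts=None):
    """Boolean convenience wrapper around validate_jwks_uri()."""
    try:
        validate_jwks_uri(uri, allowed_hosts)
        return True
    except UnsafeJwksUri:
        return False


if __name__ == "__main__":
    # Constructed sample jku values of the kinds an untrusted header might carry.
    for sample in ("https://issuer.example/.well-known/jwks.json",
                   "http://issuer.example/jwks.json",
                   "file:///tmp/jwks.json",
                   "ftp://issuer.example/jwks.json",
                   "data:application/json,{}"):
        ok = is_safe_jwks_uri(sample, {"issuer.example"})
        print(f"{sample!r}: {'ok' if ok else 'REJECTED'}")
```

In application code the validated value is what gets passed on, e.g. PyJWKClient(validate_jwks_uri(jku, {"issuer.example"})).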

Generated by OpenCVE AI on May 28, 2026 at 16:55 UTC.

Tracking


Advisories

No advisories yet.

History

Thu, 28 May 2026 18:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared  (none)           Jpadilla; Jpadilla pyjwt
Vendors & Products   (none)           Jpadilla; Jpadilla pyjwt

Thu, 28 May 2026 15:30:00 +0000

Type          Values Removed   Values Added
Description   (none)           PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no documented option to restrict which schemes PyJWKClient will fetch. If an application's jku URL ingestion path accepts attacker-influenced URLs (e.g., from JWT header, configuration file, OAuth flow parameter), the attacker can cause PyJWKClient to read arbitrary local files via file:// (SSRF on local filesystem), cause PyJWKClient to attempt FTP / data-URI fetches (broader SSRF surface), or forge tokens that PyJWT verifies as valid. The library does not directly return non-HTTP(S) URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws (attacker write access to a filesystem path, untrusted jku derivation) that this fix does not address. This vulnerability is fixed in 2.13.0.
Title         (none)           PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes
Weaknesses    (none)           CWE-441; CWE-918
References    (none)           (none)
Metrics       (none)           cvssV3_1 {'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T15:00:30.186Z

Reserved: 2026-05-21T16:18:10.619Z

Link: CVE-2026-48522

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-05-28T16:16:29.150

Modified: 2026-05-28T18:03:16.223

Link: CVE-2026-48522

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T17:45:22Z

Weaknesses