Description
PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature verification is performed with the algorithm bound to the PyJWK object instead of the header algorithm. An attacker who controls a registered JWK/JWKS private key can sign with a disallowed algorithm, advertise an allowed algorithm in the JWT header, and still be accepted. The issue affects the documented PyJWKClient.get_signing_key_from_jwt(...) flow. This vulnerability is fixed in 2.13.0.
Published: 2026-05-28
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PyJWT versions 2.9.0 through 2.12.1 allow a bypass of the algorithm allow‑list when the jwt.decode() or jwt.decode_complete() functions are called with a PyJWK key. In this flow the token header algorithm is compared with a caller‑supplied list of allowed algorithms, yet the signature is verified using the algorithm that is bound to the PyJWK object instead of the header value. An attacker who can obtain a private key for a registered JWK/JWKS can sign a token with a disallowed algorithm, advertise an allowed algorithm in the header, and have the token accepted by the application. This flaw is a case of improper verification and is identified as CWE‑347, potentially allowing an attacker to forge authentication tokens.

Affected Systems

PyJWT – the popular Python JSON Web Token library – is affected for all releases from 2.9.0 to 2.12.1 inclusive. The issue specifically impacts the documented PyJWKClient.get_signing_key_from_jwt flow, which developers use to retrieve signing keys from JWKS endpoints.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity. The EPSS score is not reported and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires control of a registered private JWK key. If an attacker can supply a forged JWT with a disallowed algorithm yet advertise a permitted one, the application will accept the token, effectively bypassing authentication. The attack vector is typically an in‑application JWT validation path rather than an external network service, making it most relevant to applications that trust third‑party JWKs without strict algorithm verification.

Generated by OpenCVE AI on May 28, 2026 at 16:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PyJWT to version 2.13.0 or later so the algorithm allow‑list is correctly enforced
  • If an immediate upgrade cannot be performed, replace or wrap PyJWKClient usage with custom logic that validates the token’s ‘alg’ against a hard‑coded whitelist before verification and rejects any mismatches
  • Audit custom JWT verification paths to ensure they do not bypass algorithm enforcement and refactor any insecure code

Generated by OpenCVE AI on May 28, 2026 at 16:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-jq35-7prp-9v3f PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
History

Fri, 05 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 01 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Pyjwt Project
Pyjwt Project pyjwt
CPEs cpe:2.3:a:pyjwt_project:pyjwt:*:*:*:*:*:*:*:*
Vendors & Products Pyjwt Project
Pyjwt Project pyjwt

Thu, 28 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Jpadilla
Jpadilla pyjwt
Vendors & Products Jpadilla
Jpadilla pyjwt

Thu, 28 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature verification is performed with the algorithm bound to the PyJWK object instead of the header algorithm. An attacker who controls a registered JWK/JWKS private key can sign with a disallowed algorithm, advertise an allowed algorithm in the JWT header, and still be accepted. The issue affects the documented PyJWKClient.get_signing_key_from_jwt(...) flow. This vulnerability is fixed in 2.13.0.
Title PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys
Weaknesses CWE-347
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Jpadilla Pyjwt
Pyjwt Project Pyjwt
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-28T15:27:49.780Z

Reserved: 2026-05-21T16:18:10.619Z

Link: CVE-2026-48523

cve-icon Vulnrichment

Updated: 2026-05-28T15:27:32.358Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T16:16:29.280

Modified: 2026-06-01T17:44:48.617

Link: CVE-2026-48523

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-28T15:10:19Z

Links: CVE-2026-48523 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T17:45:22Z

Weaknesses
  • CWE-347

    Improper Verification of Cryptographic Signature