Fluid Attacks Database

Description

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature verification is performed with the algorithm bound to the PyJWK object instead of the header algorithm. An attacker who controls a registered JWK/JWKS private key can sign with a disallowed algorithm, advertise an allowed algorithm in the JWT header, and still be accepted. The issue affects the documented PyJWKClient.get_signing_key_from_jwt(...) flow. This vulnerability is fixed in 2.13.0.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	pyjwt	=2.10.1-2 \|\| =2.10.1-2+deb13u1 \|\| =2.10.1-3 \|\| =2.10.1-4 \|\| =2.11.0-2 \|\| =2.12.1-1	-
debian 14	pyjwt	=2.10.1-2 \|\| =2.10.1-3 \|\| =2.10.1-4 \|\| =2.11.0-2 \|\| =2.12.1-1	-
debian 11	pyjwt	=1.7.1-2 \|\| =1.7.1-2+deb11u1 \|\| =2.1.0-1 \|\| =2.1.0-1~bpo11+1 \|\| =2.10.1-1 \|\| =2.10.1-2 \|\| =2.10.1-3 \|\| =2.10.1-4 \|\| =2.11.0-2 \|\| =2.12.1-1 \|\| =2.3.0-1 \|\| =2.4.0-1 \|\| =2.4.0-2 \|\| =2.6.0-1 \|\| =2.7.0-1	-
debian 12	pyjwt	=2.10.1-1 \|\| =2.10.1-2 \|\| =2.10.1-3 \|\| =2.10.1-4 \|\| =2.11.0-2 \|\| =2.12.1-1 \|\| =2.6.0-1 \|\| =2.6.0-1+deb12u1 \|\| =2.7.0-1	-
pypi	pyjwt	=2.10.0 \|\| =2.10.1 \|\| =2.11.0 \|\| =2.12.0 \|\| =2.9.0 \|\| >=2.9.0 <2.12.1	2.12.1
rpm rhel10	fence-agents	-	-
rpm rhel9	fence-agents	-	-

Aliases

1. CVE-2026-485232. NVD-2026-485233. OSV-DEBIAN-2026-485234. OSV-2026-485235. OSV-PYSEC-2026-1766. GCVE-2026-485237. SECURITY-TRACKER-CVE-2026-48523

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.