Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
PyJWT fails to reject unknown JWT extensions
GHSA-752w-5fwx-jx9f
CVE-2026-32597
Summary
PyJWT library does not properly check for unknown JWT extensions, which can allow an attacker to create malicious tokens that are not rejected as invalid. This is a security risk because it can be used to bypass authentication checks. To address this, update to the latest version of PyJWT, which includes the fix.
What to do
- Update pyjwt to version 2.12.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | pyjwt | <= 2.11.0 | 2.12.0 |
Original title
PyJWT accepts unknown `crit` header extensions
Original description
## Summary
PyJWT does not validate the `crit` (Critical) Header Parameter defined in
RFC 7515 §4.1.11. When a JWS token contains a `crit` array listing
extensions that PyJWT does not understand, the library accepts the token
instead of rejecting it. This violates the **MUST** requirement in the RFC.
This is the same class of vulnerability as CVE-2025-59420 (Authlib),
which received CVSS 7.5 (HIGH).
---
## RFC Requirement
RFC 7515 §4.1.11:
> The "crit" (Critical) Header Parameter indicates that extensions to this
> specification and/or [JWA] are being used that **MUST** be understood and
> processed. [...] If any of the listed extension Header Parameters are
> **not understood and supported** by the recipient, then the **JWS is invalid**.
---
## Proof of Concept
```python
import jwt # PyJWT 2.8.0
import hmac, hashlib, base64, json
# Construct token with unknown critical extension
header = {"alg": "HS256", "crit": ["x-custom-policy"], "x-custom-policy": "require-mfa"}
payload = {"sub": "attacker", "role": "admin"}
def b64url(data):
return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
h = b64url(json.dumps(header, separators=(",", ":")).encode())
p = b64url(json.dumps(payload, separators=(",", ":")).encode())
sig = b64url(hmac.new(b"secret", f"{h}.{p}".encode(), hashlib.sha256).digest())
token = f"{h}.{p}.{sig}"
# Should REJECT — x-custom-policy is not understood by PyJWT
try:
result = jwt.decode(token, "secret", algorithms=["HS256"])
print(f"ACCEPTED: {result}")
# Output: ACCEPTED: {'sub': 'attacker', 'role': 'admin'}
except Exception as e:
print(f"REJECTED: {e}")
```
**Expected:** `jwt.exceptions.InvalidTokenError: Unsupported critical extension: x-custom-policy`
**Actual:** Token accepted, payload returned.
### Comparison with RFC-compliant library
```python
# jwcrypto — correctly rejects
from jwcrypto import jwt as jw_jwt, jwk
key = jwk.JWK(kty="oct", k=b64url(b"secret"))
jw_jwt.JWT(jwt=token, key=key, algs=["HS256"])
# raises: InvalidJWSObject('Unknown critical header: "x-custom-policy"')
```
---
## Impact
- **Split-brain verification** in mixed-library deployments (e.g., API
gateway using jwcrypto rejects, backend using PyJWT accepts)
- **Security policy bypass** when `crit` carries enforcement semantics
(MFA, token binding, scope restrictions)
- **Token binding bypass** — RFC 7800 `cnf` (Proof-of-Possession) can be
silently ignored
- See CVE-2025-59420 for full impact analysis
---
## Suggested Fix
In `jwt/api_jwt.py`, add validation in `_validate_headers()` or
`decode()`:
```python
_SUPPORTED_CRIT = {"b64"} # Add extensions PyJWT actually supports
def _validate_crit(self, headers: dict) -> None:
crit = headers.get("crit")
if crit is None:
return
if not isinstance(crit, list) or len(crit) == 0:
raise InvalidTokenError("crit must be a non-empty array")
for ext in crit:
if ext not in self._SUPPORTED_CRIT:
raise InvalidTokenError(f"Unsupported critical extension: {ext}")
if ext not in headers:
raise InvalidTokenError(f"Critical extension {ext} not in header")
```
---
## CWE
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-863: Incorrect Authorization
## References
- [RFC 7515 §4.1.11](https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11)
- [CVE-2025-59420 — Authlib crit bypass (CVSS 7.5)](https://osv.dev/vulnerability/GHSA-9ggr-2464-2j32)
- [RFC 7800 — Proof-of-Possession Key Semantics](https://www.rfc-editor.org/rfc/rfc7800)
PyJWT does not validate the `crit` (Critical) Header Parameter defined in
RFC 7515 §4.1.11. When a JWS token contains a `crit` array listing
extensions that PyJWT does not understand, the library accepts the token
instead of rejecting it. This violates the **MUST** requirement in the RFC.
This is the same class of vulnerability as CVE-2025-59420 (Authlib),
which received CVSS 7.5 (HIGH).
---
## RFC Requirement
RFC 7515 §4.1.11:
> The "crit" (Critical) Header Parameter indicates that extensions to this
> specification and/or [JWA] are being used that **MUST** be understood and
> processed. [...] If any of the listed extension Header Parameters are
> **not understood and supported** by the recipient, then the **JWS is invalid**.
---
## Proof of Concept
```python
import jwt # PyJWT 2.8.0
import hmac, hashlib, base64, json
# Construct token with unknown critical extension
header = {"alg": "HS256", "crit": ["x-custom-policy"], "x-custom-policy": "require-mfa"}
payload = {"sub": "attacker", "role": "admin"}
def b64url(data):
return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
h = b64url(json.dumps(header, separators=(",", ":")).encode())
p = b64url(json.dumps(payload, separators=(",", ":")).encode())
sig = b64url(hmac.new(b"secret", f"{h}.{p}".encode(), hashlib.sha256).digest())
token = f"{h}.{p}.{sig}"
# Should REJECT — x-custom-policy is not understood by PyJWT
try:
result = jwt.decode(token, "secret", algorithms=["HS256"])
print(f"ACCEPTED: {result}")
# Output: ACCEPTED: {'sub': 'attacker', 'role': 'admin'}
except Exception as e:
print(f"REJECTED: {e}")
```
**Expected:** `jwt.exceptions.InvalidTokenError: Unsupported critical extension: x-custom-policy`
**Actual:** Token accepted, payload returned.
### Comparison with RFC-compliant library
```python
# jwcrypto — correctly rejects
from jwcrypto import jwt as jw_jwt, jwk
key = jwk.JWK(kty="oct", k=b64url(b"secret"))
jw_jwt.JWT(jwt=token, key=key, algs=["HS256"])
# raises: InvalidJWSObject('Unknown critical header: "x-custom-policy"')
```
---
## Impact
- **Split-brain verification** in mixed-library deployments (e.g., API
gateway using jwcrypto rejects, backend using PyJWT accepts)
- **Security policy bypass** when `crit` carries enforcement semantics
(MFA, token binding, scope restrictions)
- **Token binding bypass** — RFC 7800 `cnf` (Proof-of-Possession) can be
silently ignored
- See CVE-2025-59420 for full impact analysis
---
## Suggested Fix
In `jwt/api_jwt.py`, add validation in `_validate_headers()` or
`decode()`:
```python
_SUPPORTED_CRIT = {"b64"} # Add extensions PyJWT actually supports
def _validate_crit(self, headers: dict) -> None:
crit = headers.get("crit")
if crit is None:
return
if not isinstance(crit, list) or len(crit) == 0:
raise InvalidTokenError("crit must be a non-empty array")
for ext in crit:
if ext not in self._SUPPORTED_CRIT:
raise InvalidTokenError(f"Unsupported critical extension: {ext}")
if ext not in headers:
raise InvalidTokenError(f"Critical extension {ext} not in header")
```
---
## CWE
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-863: Incorrect Authorization
## References
- [RFC 7515 §4.1.11](https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11)
- [CVE-2025-59420 — Authlib crit bypass (CVSS 7.5)](https://osv.dev/vulnerability/GHSA-9ggr-2464-2j32)
- [RFC 7800 — Proof-of-Possession Key Semantics](https://www.rfc-editor.org/rfc/rfc7800)
ghsa CVSS3.1
7.5
Vulnerability type
CWE-345
CWE-863
Incorrect Authorization
Published: 13 Mar 2026 · Updated: 14 Mar 2026 · First seen: 13 Mar 2026