Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Python PyJWT Security Update Fixes Header Extension Bypass
Summary
An update for the Python PyJWT library fixes a security issue that could allow attackers to bypass security checks by using unknown header extensions. This affects Python users who rely on PyJWT for secure token verification. Update to the latest version to ensure security.
What to do
- Update python-pyjwt to version 2.8.0-150400.8.10.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Public Cloud 15 SP4 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Module for Python 3 15 SP7 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server 15 SP4-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server 15 SP5-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server 15 SP6-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP5 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| openSUSE:Leap 15.6 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
Original title
Security update for python-PyJWT
Original description
This update for python-PyJWT fixes the following issues:
- CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).
- CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261389-1/ Vendor Advisory
- https://bugzilla.suse.com/1259616 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-32597 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026