Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Python-PyJWT Update Fixes Uncontrolled Header Extension
SUSE-SU-2026:1389-1
Summary
A security update for python-PyJWT addresses an issue where unknown header extensions could be accepted, potentially leading to security risks. This could allow an attacker to manipulate the token's properties. To protect your system, update python-PyJWT to the latest version.
What to do
- Update python-pyjwt to version 2.8.0-150400.8.10.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Module for Public Cloud 15 SP4 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Module for Python 3 15 SP7 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server 15 SP4-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server 15 SP5-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server 15 SP6-LTSS | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP5 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
| openSUSE:Leap 15.6 | – | python-pyjwt |
< 2.8.0-150400.8.10.1 Fix: upgrade to 2.8.0-150400.8.10.1
|
Original title
Security update for python-PyJWT
Original description
This update for python-PyJWT fixes the following issues:
- CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).
- CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261389-1/ Vendor Advisory
- https://bugzilla.suse.com/1259616 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-32597 URL
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026