Python PyJWT: Unrestricted Header Extension Allows Arbitrary Data Injection
SUSE-SU-2026:1400-1
Summary
An update for the Python PyJWT library fixes CVE-2026-32597, in which unknown `crit` header extensions are accepted. The flaw could allow an attacker to inject arbitrary data into certain types of JSON Web Tokens (JWTs), which could in turn be used to bypass security controls or steal sensitive information. Update your dependencies to the latest version to address this issue.
What to do
- Update python-pyjwt to version 2.4.0-150200.3.11.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Micro 5.5 | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise Module for Basesystem 15 SP7 | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise Server 15 SP4-LTSS | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise Server 15 SP5-LTSS | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise Server 15 SP6-LTSS | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP5 | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | – | python-pyjwt | < 2.4.0-150200.3.11.1 (fix: upgrade to 2.4.0-150200.3.11.1) |
Original title
Security update for python-PyJWT
Original description
This update for python-PyJWT fixes the following issues:
- CVE-2026-32597: Fixed unknown `crit` header extensions being accepted (bsc#1259616).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261400-1/ Vendor Advisory
- https://bugzilla.suse.com/1259616 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-32597 URL
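The recipient-side rule behind the `crit` fix (RFC 7515 section 4.1.11: a token listing a critical extension the recipient does not support is invalid) can be checked with the standard library alone. This is an added example, not PyJWT's code or the SUSE patch; `check_crit`, `supported`, `make_sample` and the `x-policy` header used in testing are assumed names.

```python
import base64
import json

# Header parameter names defined by RFC 7515; these must not be listed in "crit".
JWS_REGISTERED = frozenset({"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t",
                            "x5t#S256", "typ", "cty", "crit"})


class CritHeaderError(ValueError):
    """The token's "crit" header requires the token to be rejected."""


def check_crit(token, supported=frozenset()):
    """Return the decoded JOSE header, or raise CritHeaderError.

    `supported` (assumed name) lists the extension headers this application
    actually implements. Run this in addition to signature verification.
    """
    try:
        segment = token.split(".")[0]
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        header = json.loads(raw)
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise CritHeaderError("malformed JOSE header") from exc
    if not isinstance(header, dict):
        raise CritHeaderError("JOSE header is not a JSON object")
    if "crit" not in header:
        return header
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise CritHeaderError('"crit" must be a non-empty array')
    if not all(isinstance(n, str) for n in crit) or len(set(crit)) != len(crit):
        raise CritHeaderError('"crit" must hold unique strings')
    for name in crit:
        if name in JWS_REGISTERED:
            raise CritHeaderError(f'registered name in "crit": {name}')
        if name not in header:
            raise CritHeaderError(f'"crit" names absent header: {name}')
        if name not in supported:
            raise CritHeaderError(f"unsupported critical extension: {name}")
    return header


def make_sample(header):
    """Constructed sample token: real header, placeholder payload and signature."""
    seg = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return f"{seg}.e30.c2ln"
```

The check only inspects the header; the `crit` parameter must also be integrity protected, so the token's signature still has to be verified by the JWT library.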
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026