Voozh

Vulnerabilities

CVE-2026-32597 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Description

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

👁 NIST CVSS score

NIST: NVD

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://access.redhat.com/errata/RHSA-2026:10140	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:10141	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:10184	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:12176	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13508	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13512	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13545	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13553	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13672	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:13916	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:17083	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:19138	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:19355	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:19375	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:19712	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:21431	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:21517	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:22330	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:24977	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:26226	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:6568	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:6720	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:6912	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:6926	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:8437	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:8746	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:8747	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:8748	redhat-SADP
https://access.redhat.com/security/cve/CVE-2026-32597	redhat-SADP
https://bugzilla.redhat.com/show_bug.cgi?id=2447194	redhat-SADP
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f	CISA-ADP, GitHub, Inc.	Exploit Mitigation Vendor Advisory
https://lists.debian.org/debian-lts-announce/2026/05/msg00008.html	CVE
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32597.json	redhat-SADP

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-345	Insufficient Verification of Data Authenticity	GitHub, Inc.
CWE-347	Improper Verification of Cryptographic Signature	redhat-SADP
CWE-863	Incorrect Authorization	GitHub, Inc.

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

7 change records found show changes

CVE Modified by redhat-SADP 6/29/2026 11:18:32 PM

Action	Type	Old Value
Added	CVSS V3.1	AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Added	CWE	CWE-347
Added	Reference	https://access.redhat.com/errata/RHSA-2026:10140
Added	Reference	https://access.redhat.com/errata/RHSA-2026:10141
Added	Reference	https://access.redhat.com/errata/RHSA-2026:10184
Added	Reference	https://access.redhat.com/errata/RHSA-2026:12176
Added	Reference	https://access.redhat.com/errata/RHSA-2026:13508
Added	Reference	https://access.redhat.com/errata/RHSA-2026:13512
Added	Reference	https://access.redhat.com/errata/RHSA-2026:13545
Added	Reference	https://access.redhat.com/errata/RHSA-2026:13553
Added	Reference	https://access.redhat.com/errata/RHSA-2026:13672
Added	Reference	https://access.redhat.com/errata/RHSA-2026:13916
Added	Reference	https://access.redhat.com/errata/RHSA-2026:17083
Added	Reference	https://access.redhat.com/errata/RHSA-2026:19138
Added	Reference	https://access.redhat.com/errata/RHSA-2026:19355
Added	Reference	https://access.redhat.com/errata/RHSA-2026:19375
Added	Reference	https://access.redhat.com/errata/RHSA-2026:19712
Added	Reference	https://access.redhat.com/errata/RHSA-2026:21431
Added	Reference	https://access.redhat.com/errata/RHSA-2026:21517
Added	Reference	https://access.redhat.com/errata/RHSA-2026:22330
Added	Reference	https://access.redhat.com/errata/RHSA-2026:24977
Added	Reference	https://access.redhat.com/errata/RHSA-2026:26226
Added	Reference	https://access.redhat.com/errata/RHSA-2026:6568
Added	Reference	https://access.redhat.com/errata/RHSA-2026:6720
Added	Reference	https://access.redhat.com/errata/RHSA-2026:6912
Added	Reference	https://access.redhat.com/errata/RHSA-2026:6926
Added	Reference	https://access.redhat.com/errata/RHSA-2026:8437
Added	Reference	https://access.redhat.com/errata/RHSA-2026:8746
Added	Reference	https://access.redhat.com/errata/RHSA-2026:8747
Added	Reference	https://access.redhat.com/errata/RHSA-2026:8748
Added	Reference	https://access.redhat.com/security/cve/CVE-2026-32597
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=2447194
Added	Reference	https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32597.json
Added	Affected	Record truncated, showing 2048 of 5839 characters. View Entire Change Record [{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 8","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el8","cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.5 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.5::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2.6 for RHEL 9","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2.6::el9","cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9","cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product"

Quick Info

CVE Dictionary Entry:
CVE-2026-32597
NVD Published Date:
03/13/2026
NVD Last Modified:
06/29/2026
Source:
GitHub, Inc.

URL: https://nvd.nist.gov/vuln/detail/CVE-2026-32597

⇱ NVD - CVE-2026-32597

CVE-2026-32597 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by redhat-SADP 6/29/2026 11:18:32 PM

CVE Modified by CISA-ADP 6/17/2026 6:36:04 AM

CVE Modified by GitHub, Inc. 6/17/2026 6:36:04 AM

CVE Modified by CVE 5/05/2026 2:16:02 PM

Initial Analysis by NIST 3/19/2026 9:30:29 AM

CVE Modified by CISA-ADP 3/13/2026 3:55:09 PM

New CVE Received from GitHub, Inc. 3/13/2026 3:55:09 PM

Quick Info