CVE-2026-32597

HIGH

fence-agents security update

Details

CVSS v3: 7.5
NVD published: 2026-03-13 19:55:09
EPSS: <0.1% probability · 2.3th percentile — 2026-05-06
Affected versions: cpe:2.3:a:pyjwt_project:pyjwt:*:*:*:*:*:*:*:*
Summary: PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.
Remediation: Not available in our cache.
Exploit info: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.