Critical PyJWT Vulnerability in Multiple Ubuntu Releases

Severity: High (Score: 72.5)

Sources: Ubuntu, Linuxsecurity

Summary

A significant security flaw has been identified in the PyJWT library affecting various Ubuntu releases, including 25.10, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS. The vulnerability, tracked as CVE-2026-32597, allows remote attackers to bypass authentication checks due to improper validation of the critical header parameter. This flaw contradicts the expectations set by the RFC specification, potentially exposing network services to unauthorized access. Users are urged to update their systems to the latest package versions to mitigate this risk. The vulnerability was published on March 12, 2026, and is considered critical due to its potential impact across multiple supported versions of Ubuntu. Standard system updates are recommended to address this issue. Key Points: • PyJWT vulnerability allows remote attackers to bypass authentication checks. • Affected Ubuntu releases include 25.10 and several LTS versions. • Users should update to the latest package versions to mitigate risks.

Key Entities

• Data Breach (attack_type)
• CVE-2026-32597 (cve)
• Ubuntu (company)
• PyJWT Vulnerability (vulnerability)