Linuxsecurity
Critical Vulnerabilities in SUSE python-PyJWT Lead to DoS and SSRF Risks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
SUSE has released an important update for python-PyJWT addressing multiple vulnerabilities. The issues include CVE-2026-48522, which allows SSRF and token forgery due to improper URI handling, and CVE-2026-48524, which can lead to denial-of-service (DoS) through unbounded requests. Other vulnerabilities include CVE-2026-48523, which permits algorithm allow-list bypass, and CVE-2026-48525, which allows unbounded Base64URL decoding. These vulnerabilities affect systems utilizing python-PyJWT, potentially exposing them to significant security risks. The vulnerabilities were published on May 28, 2026, and the updates were released on June 16 and June 25, 2026. Users are advised to apply the patches immediately to mitigate these risks.
Key Points: • SUSE released critical patches for python-PyJWT addressing multiple CVEs. • CVE-2026-48522 allows SSRF and token forgery, posing severe risks. • CVE-2026-48524 can lead to DoS through unbounded JWKS endpoint requests.