LOW 3.7

CVE-2026-48524: PyJWT Denial of Service via Unlimited JWKS Requests

PyJWT, a widely-used Python library for handling JSON Web Tokens (JWTs), contains a weakness in how it fetches public signing keys. When a JWT arrives with an unfamiliar key identifier (kid), the library will make a fresh HTTP request to retrieve the correct signing key—without any protection against repeated requests for the same unknown identifier. An attacker can exploit this by sending JWTs with different fake kid values, forcing the library to make outbound requests for each one. While the actual impact depends on whether the signing-key endpoint has its own rate limiting or becomes saturated, the vulnerability allows an attacker to potentially cause a denial-of-service condition through request amplification. This issue is resolved in PyJWT 2.13.0 and later.

Source data · NVD / CISA · public domain

CVSS
3.1 · 3.7 LOW · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Weaknesses (CWE)
CWE-460, CWE-755
Affected products
1 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited outbound requests. The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior (rate limiting, transient errors) which is beyond the attacker's control. This vulnerability is fixed in 2.13.0.

1 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in PyJWKClient.get_signing_key(), which handles key retrieval for JWT verification. The method extracts the kid (key ID) from the JWT header without verification and uses it to look up the corresponding public key. If that key is not cached, the method triggers a new HTTP fetch of the JWKS (JSON Web Key Set) endpoint. Because the kid is controlled by the attacker and comes from unverified token data, an attacker can craft JWTs with arbitrary or non-existent kid values. Each unique unknown kid forces a new outbound request, and there is no per-kid or aggregate rate limiting in the library itself. The attack surface is conditional: the library will only attempt repeated fetches if the JWKS endpoint actually fails to provide the requested key. However, an attacker can sustain traffic with varied unknown kids to increase the likelihood of triggering failures or overload. The vulnerability is classified under CWE-460 (Incorrect Handling of Asynchronous Event Unhandling) and CWE-755 (Improper Handling of Exceptional Conditions), reflecting the lack of proper bounds checking and error handling on external requests.

Business impact

Organizations using PyJWT for JWT validation—including API gateways, authentication services, and microservices—may be susceptible to denial-of-service attacks targeting their JWT validation layer. An attacker with the ability to send requests to an application can exhaust outbound bandwidth or connection resources by triggering repeated JWKS fetches. The severity is classified as LOW because: (1) the attack requires the JWKS endpoint to fail or reject the unknown kid, introducing a dependency on external conditions; (2) most well-managed JWKS endpoints have their own rate limiting; and (3) the impact is availability-related rather than confidentiality or integrity compromise. Nevertheless, in environments where the JWKS endpoint is unprotected or misconfigured, this could contribute to service degradation.

Affected systems

PyJWT versions prior to 2.13.0 are affected. The library is a direct dependency in Python projects that validate JWTs, including frameworks like Django REST Framework, FastAPI authentication middleware, and custom authorization layers. Any application consuming JWTs without immediate upstream validation (e.g., API gateways, token introspection services, or microservice-to-microservice authentication) is potentially exposed. Organizations should inventory PyJWT usage across their Python codebase and development pipelines.

Exploitability

Exploitation requires the attacker to send HTTP requests to an application that uses PyJWT to validate tokens. The attacker must craft JWTs with non-existent or variable kid values in the header. The vulnerability only manifests when the JWKS endpoint fails to return the requested key, which depends on upstream endpoint behavior and is not fully under the attacker's control. This conditional requirement, combined with the LOW CVSS score (3.7) and AC:H (High Attack Complexity), indicates that while the attack is network-accessible and requires no authentication, real-world exploitation is limited by external dependencies. An attacker would need to understand the target's JWKS endpoint behavior and timing to reliably trigger the amplification.

Remediation

Upgrade PyJWT to version 2.13.0 or later. This version implements rate limiting or caching improvements to prevent repeated fetches for unknown kid values. Before upgrading, verify that your application's dependencies and lockfiles (e.g., requirements.txt, Poetry.lock, Pipfile.lock) are updated to pull the patched version. Test the upgrade in a staging environment to confirm no compatibility issues with your JWT validation flow. Additionally, consider configuring upstream JWKS endpoints with their own rate limiting and monitoring to detect unusual request patterns.

Patch guidance

Update PyJWT as follows: (1) Review your project's dependency specification (e.g., setup.py, requirements.txt, or pyproject.toml) and update the PyJWT version constraint to >=2.13.0; (2) Run your package manager (pip, poetry, or similar) to pull the latest version; (3) Re-run your test suite to confirm JWT validation and token refresh logic still function correctly; (4) Deploy to staging and validate authentication workflows end-to-end before rolling to production. For organizations using PyJWT via indirect dependencies (e.g., through Django REST Framework), verify that the transitive dependency is resolved to 2.13.0 or later. Monitor your lock files to ensure no accidental downgrades.

Detection guidance

Monitor application logs for unusual patterns of JWKS endpoint requests, particularly spikes in 404 or 401 responses following JWT validation attempts. Log the kid value from rejected or unknown tokens and correlate with request frequency; a high cardinality of unique kid values in a short time window may indicate exploitation. Configure application-level or infrastructure-level rate limiting on JWT validation endpoints to slow request amplification. Instrument PyJWT or the surrounding authentication layer to emit metrics on cache misses and JWKS fetch failures, then alert on anomalies. Network intrusion detection should flag unusual outbound traffic to JWKS endpoints originating from your application.

Why prioritize this

While the CVSS score is LOW (3.7), this vulnerability warrants timely patching because: (1) PyJWT is a foundational library in Python authentication stacks; (2) the attack is network-accessible and requires no credentials; (3) if your JWKS endpoint is unprotected or experiences transient failures, you are more at risk; (4) the fix is a straightforward version bump with no breaking changes expected. Prioritize patching in environments where PyJWT is exposed to untrusted request sources (public APIs, microservices) and where JWKS endpoints lack robust rate limiting.

Risk score, explained

The CVSS 3.1 score of 3.7 (LOW severity) reflects: Attack Vector=Network (AV:N, widely accessible), Attack Complexity=High (AC:H, requires the JWKS endpoint to fail or reject the kid), Privileges Required=None (PR:N), User Interaction=None (UI:N), Scope=Unchanged (S:U), Confidentiality=None (C:N), Integrity=None (I:N), and Availability=Low (A:L, limited DoS potential). The HIGH attack complexity is the primary reason for the low score: the attacker cannot guarantee that JWKS fetch failures occur, and real-world JWKS endpoints often have built-in protections. The availability impact is rated LOW because the attacker's ability to cause sustained service degradation depends on factors outside their direct control.

Frequently asked questions

Does this vulnerability allow an attacker to forge or modify JWTs?

No. This vulnerability does not compromise the cryptographic integrity of JWT validation. An attacker cannot bypass signature verification or steal the JWKS signing keys. The issue is purely about resource exhaustion through repeated outbound requests triggered by malformed kid values.

If our JWKS endpoint already has rate limiting, are we at risk?

Your risk is significantly reduced. Most production JWKS endpoints (especially those managed by major identity providers) implement rate limiting, timeouts, and anti-abuse measures. If your endpoint rejects requests after a rate limit is hit, the library will fail gracefully and not continue fetching indefinitely. Review your JWKS endpoint's configuration and monitoring to confirm these protections are in place.

What should we do if we cannot update PyJWT immediately?

Implement compensating controls: (1) Rate limit inbound requests to your JWT validation endpoint at the ingress layer (API gateway, WAF); (2) Monitor JWKS endpoint request volume and alert on spikes; (3) Configure timeouts on outbound JWKS requests to prevent hanging connections; (4) Validate JWT structure and kid format before processing, rejecting obviously invalid kids early.

Is this vulnerability listed in CISA's Known Exploited Vulnerabilities catalog?

No, this vulnerability has not been added to the CISA KEV catalog as of the intelligence publication date. This does not mean it is unexploited; rather, it indicates no confirmed evidence of active exploitation in the wild has reached CISA's threshold for inclusion.

This analysis is based on publicly available CVE data as of June 17, 2026. Specific patch version numbers and vendor advisories should be verified directly against the PyJWT project's release notes and security documentation. The actual risk to your organization depends on your deployment context, JWKS endpoint configuration, and upstream security controls. This vulnerability has a LOW CVSS score and should not be treated as critical, but timely patching is still recommended for applications exposed to untrusted requests. No proof-of-concept exploit code or detailed attack methodology is provided. Always test patches in a non-production environment before deployment. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).