HIGH 7.4

CVE-2026-48526: PyJWT Authentication Bypass via HMAC Algorithm Misuse

PyJWT, a widely-used Python library for handling JSON Web Tokens (JWTs), contains an authentication bypass vulnerability in versions before 2.13.0. The flaw allows attackers to forge valid tokens by exploiting insufficient validation of cryptographic key usage. Specifically, when a library instance is configured to accept both asymmetric (public-key) and HMAC (shared-secret) algorithms, an attacker can take the issuer's public key—which is often publicly available—and use it as the HMAC secret to create forged tokens that the vulnerable library will accept as legitimate.

Source data · NVD / CISA · public domain

CVSS
3.1 · 7.4 HIGH · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Weaknesses (CWE)
CWE-287, CWE-347
Affected products
1 configuration(s)
Published / Modified
2026-05-28 / 2026-07-06

NVD description (verbatim)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. This vulnerability is fixed in 2.13.0.

19 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability stems from a logic gap in PyJWT's token verification flow. When verifying JWTs, the library supports multiple algorithm families: asymmetric algorithms (RSA, ECDSA, etc.) that rely on public-key cryptography, and HMAC algorithms that use shared secrets. The issue arises because PyJWT does not properly enforce that JSON Web Keys (JWKs) designated for asymmetric algorithms cannot be reused as HMAC secrets during verification. An attacker who observes or retrieves the issuer's public key can construct an HMAC-signed JWT using that public key material as the HMAC secret, bypassing authentication checks. The vulnerability is classified under CWE-287 (Improper Authentication) and CWE-347 (Improper Verification of Cryptographic Signature), reflecting both the authentication bypass and the signature validation flaw. The CVSS 3.1 score of 7.4 (HIGH) reflects high impact on confidentiality and integrity, though the attack has elevated complexity due to requiring specific library configuration conditions.

Business impact

An attacker exploiting this flaw can forge authentication tokens without knowing the HMAC secret, effectively impersonating any user or service that the vulnerable PyJWT instance trusts. This allows unauthorized access to APIs, services, and data protected by JWT-based authentication. For organizations relying on PyJWT for microservices authentication, API security, or single sign-on (SSO) integrations, exploitation could lead to lateral movement, privilege escalation, and data exfiltration. The impact is particularly severe in environments where tokens carry sensitive claims (user ID, roles, permissions) or where token-based access controls protect critical functions.

Affected systems

PyJWT versions prior to 2.13.0 are vulnerable. Any Python application or service that uses PyJWT for JWT verification is potentially at risk, particularly those configured to support both asymmetric and HMAC algorithms for token verification. This includes web frameworks, API gateways, microservices, authentication servers, and third-party integrations that depend on PyJWT. Organizations should inventory dependencies to identify affected deployments; tools like pip-audit, Snyk, or Software Composition Analysis (SCA) platforms can help locate vulnerable versions in the supply chain.

Exploitability

Exploitability requires moderate technical effort but no special privileges or user interaction. The attacker must (1) identify or obtain the issuer's public key, which is often publicly discoverable via JWKS endpoints or OpenID Connect metadata, and (2) craft a valid HMAC-signed JWT using that public key as the secret. Once forged, the token is accepted by vulnerable instances without further authentication. The attack does not require network access to the application beyond standard JWT submission, making it remotely executable. However, the complexity factor (AC:H in the CVSS vector) suggests that successful exploitation depends on specific library configuration—notably, the application must be configured to accept HMAC-signed tokens alongside asymmetric algorithms. Applications using only one algorithm family are not vulnerable.

Remediation

Upgrade PyJWT to version 2.13.0 or later immediately. This version includes validation logic that prevents JWKs intended for asymmetric algorithms from being accepted as HMAC secrets. After patching, conduct token validation testing to confirm that legitimate tokens are still accepted and forged tokens are rejected. Review application configurations to confirm appropriate algorithm constraints are in place; where feasible, restrict token verification to a single algorithm family rather than supporting multiple families.

Patch guidance

1. Identify all environments (development, staging, production) where PyJWT is installed. Use pip list, requirements.txt, or lock files to confirm current versions. 2. Update PyJWT to 2.13.0 or later using pip install --upgrade pyjwt or by updating requirements files and reinstalling. 3. Restart affected applications and services after patching. 4. If using containerized deployments, rebuild images with the patched version and redeploy. 5. For dependency chains, verify that all transitive dependencies are resolved correctly; some tools may pin PyJWT to an older version indirectly. 6. Test token verification functionality in staging environments before production rollout to ensure no regression. 7. Review and rotate any JWTs or signing keys that may have been compromised during the vulnerability window if available.

Detection guidance

Monitor JWT verification failures and anomalies: 1. Log and alert on token validation errors, particularly sudden spikes in verification rejections, which may indicate exploitation attempts. 2. Inspect token claims and metadata (iss, aud, sub fields) for unexpected values or issuer mismatches. 3. Check for tokens signed with HMAC algorithms in environments where only asymmetric algorithms should be used. 4. Review PyJWT library logs and application authentication logs for traces of forged or suspicious tokens. 5. Implement token fingerprinting and compare newly seen tokens against historical baselines to detect anomalous token generation. 6. If available, use security monitoring or SIEM rules to correlate JWT verification errors with subsequent unauthorized API calls or data access. 7. Audit application configuration files to verify algorithm restrictions are correctly enforced.

Why prioritize this

This vulnerability merits immediate remediation priority due to its HIGH CVSS score, the fundamental nature of the flaw (authentication bypass), and the widespread use of PyJWT in modern Python applications. Although exploitability requires specific library configuration, the attack surface is large given the ubiquity of JWT-based authentication in APIs and microservices. The fact that it is not yet listed on CISA's KEV catalog does not diminish urgency; early patching reduces risk before active exploitation emerges. Organizations should treat this as a critical update for any application where PyJWT is used for security-critical token verification.

Risk score, explained

The CVSS 3.1 score of 7.4 (HIGH) reflects the following factors: Network accessibility (AV:N) means the attack can be mounted remotely without physical access. Attack complexity is elevated (AC:H), limiting the attack surface to configurations supporting multiple algorithm types. No privileges (PR:N) or user interaction (UI:N) is required, allowing autonomous exploitation. Scope is unchanged (S:U), meaning impact is confined to the vulnerable component. Confidentiality and integrity impacts are rated HIGH (C:H, I:H), as forged tokens grant unauthorized access to sensitive data and enable impersonation. Availability is unaffected (A:N). The overall score reflects a serious but not critical vulnerability—exploitable in real-world scenarios but not universally exploitable across all PyJWT deployments.

Frequently asked questions

Does this vulnerability affect all PyJWT users?

No. The vulnerability only affects instances of PyJWT configured to accept both asymmetric and HMAC algorithms during token verification. Applications using a single algorithm family (e.g., RSA-only or HMAC-only) are not vulnerable. However, if you are unsure of your library configuration, err on the side of caution and upgrade to 2.13.0.

Can an attacker forge tokens without access to the issuer's infrastructure?

Yes. Public keys are often discoverable via publicly available JWKS endpoints or OpenID Connect metadata endpoints. An attacker can retrieve the issuer's public key and use it as an HMAC secret to craft forged tokens, then submit them to a vulnerable service. This is why public key reuse as a symmetric secret is a cryptographic mismatch.

What should I do if I suspect my tokens were compromised before patching?

If you have a security incident where unauthorized tokens were detected during the vulnerability window, consider invalidating all issued tokens, rotating signing keys, and issuing new tokens to affected users. Review logs to identify potentially forged tokens by checking for unexpected issuers, claims, or timestamps. Implement short token expiration times to limit the window of token validity going forward.

Does PyJWT 2.13.0 have any breaking changes I should know about?

Refer to the PyJWT release notes and changelog for version 2.13.0 to check for any breaking changes. Typically, security patches do not introduce breaking changes, but test the patch in a staging environment to verify that your application's token verification workflows continue to function as expected before deploying to production.

This analysis is provided for informational purposes to support vulnerability assessment and remediation planning. It is not a substitute for vendor advisories or professional security consultation. Always verify patch availability, test in non-production environments, and consult your organization's security and change management processes before deploying updates. SEC.co makes no guarantee regarding the completeness or accuracy of this analysis relative to evolving threat intelligence or vendor updates. Readers are responsible for validating all recommendations against their specific environment and configurations. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).