CVE Vulnerabilities

CVE-2026-48526

Improper Authentication

Published: May 28, 2026 | Modified: Jul 06, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.4 IMPORTANT
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. This vulnerability is fixed in 2.13.0.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

NameVendorStart VersionEnd Version
PyjwtPyjwt_project*2.13.0 (excluding)
Red Hat Ansible Automation Platform 2.6 for RHEL 9RedHatpython3.12-pyjwt-0:2.13.0-1.el9ap*
Red Hat Enterprise Linux 10RedHatfence-agents-0:4.16.0-21.el10_2.2*
Red Hat Enterprise Linux 10.0 Extended Update SupportRedHatfence-agents-0:4.16.0-5.el10_0.11*
Red Hat Enterprise Linux 9RedHatfence-agents-0:4.10.0-110.el9_8.3*
Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRedHatfence-agents-0:4.10.0-43.el9_2.23*
Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRedHatfence-agents-0:4.10.0-62.el9_4.26*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatfence-agents-0:4.10.0-86.el9_6.18*
Red Hat Satellite 6.19 for RHEL 9RedHatpython3.12-pyjwt-0:2.13.0-1.el9pc*
Red Hat Satellite 6.19 for RHEL 9RedHatpython3.12-pyjwt-0:2.13.0-1.el9pc*
Red Hat AI Inference Server 3.3RedHatrhaiis/vllm-rocm-rhel9:1782353093*
Red Hat AI Inference Server 3.3RedHatrhaiis/vllm-cuda-rhel9:1782352847*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/gateway-rhel9:1782761510*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/lightspeed-chatbot-rhel9:1782650747*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/lightspeed-rhel9:1782755166*
Red Hat Ansible Automation Platform 2.6RedHatansible-automation-platform-26/mcp-tools-rhel9:1782712006*
Red Hat Ansible Automation Platform 2.7RedHatansible-automation-platform-27/ee-supported-rhel9:1781118924*
Red Hat Ansible Automation Platform 2.7RedHatansible-automation-platform-27/hub-rhel9:1781102816*
Red Hat Ansible Automation Platform 2.7RedHatansible-automation-platform-27/lightspeed-chatbot-rhel9:1781042555*
Red Hat Ansible Automation Platform 2.7RedHatansible-automation-platform-27/lightspeed-rhel9:1781025813*
Red Hat Ansible Automation Platform 2.7RedHatansible-automation-platform-27/mcp-tools-rhel9:1781030318*
Red Hat Quay 3.10RedHatquay/quay-rhel8:1782487717*
Red Hat Quay 3.12RedHatquay/quay-rhel8:1781937357*
Red Hat Quay 3.9RedHatquay/quay-rhel8:1781878070*

Potential Mitigations

References