PyJWT Critical Header Validation Bypass – Authentication Bypass PoC
🌍 Web Vulnerabilities Intermediate Web CVE-2026-32597

A vulnerability in PyJWT versions prior to 2.12.0 allows JSON Web Tokens containing unknown critical header parameters to be accepted instead of rejected. This issue can lead to authentication bypass or security policy circumvention in applications relying on strict JWT validation.

Mar 14, 2026 4 min read Security Bypass / Patch
#jwt #cybersecurity #python security #exploit
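
The rule at issue is the `crit` header handling in RFC 7515 section 4.1.11: a recipient must reject a token whose `crit` list names an extension it does not implement. The following is an added defensive example, not code from this page or from PyJWT; `check_crit`, its `understood` allow-list, `make_token` and the `x-policy` header used in testing are hypothetical names, and the sample tokens are constructed.

```python
import base64
import json

# Header names defined by RFC 7515 itself; section 4.1.11 forbids producers
# from listing them in "crit".
JWS_REGISTERED = {"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t",
                  "x5t#S256", "typ", "cty", "crit"}


class CriticalHeaderError(ValueError):
    """The token's "crit" header requires rejection."""


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_crit(token, understood=frozenset()):
    """Return the decoded JOSE header, or raise CriticalHeaderError.

    `understood` is the application's allow-list of extension headers it
    implements (hypothetical parameter). No signature check happens here.
    """
    try:
        header = json.loads(b64url_decode(token.split(".")[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise CriticalHeaderError("unparseable JOSE header") from exc
    if not isinstance(header, dict):
        raise CriticalHeaderError("JOSE header is not a JSON object")
    if "crit" not in header:
        return header
    crit = header["crit"]
    if not (isinstance(crit, list) and crit
            and all(isinstance(n, str) for n in crit)):
        raise CriticalHeaderError('"crit" must be a non-empty array of strings')
    for name in crit:
        if name in JWS_REGISTERED:
            raise CriticalHeaderError(f"{name!r} may not be marked critical")
        if name not in header:
            raise CriticalHeaderError(f"critical header {name!r} is absent")
        if name not in understood:
            raise CriticalHeaderError(f"unsupported critical header {name!r}")
    return header


def make_token(header):
    """Build a constructed sample token with dummy payload and signature."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join(enc(p) for p in (json.dumps(header).encode(), b'{"sub":"demo"}', b"sig"))
```

Run this alongside normal signature and claim verification, not in place of it; the affected releases per this page are those prior to 2.12.0.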