Skip to content

CVE-2026-32597 - Upgrade pyJWT #32969

New issue
New issue
Open
Open
CVE-2026-32597 - Upgrade pyJWT#32969
Assignees
beboundnaga-nandyala
Labels
Azure CLI TeamThe command of the issue is owned by Azure CLI teamSecurity-Issuecustomer-reportedIssues that are reported by GitHub users external to the Azure organization.feature-request
Milestone
Backlog
@blueelvis

Description

@blueelvis
blueelvis
opened on Mar 14, 2026

Describe the bug

The current version of az-cli is using a vulnerable package PyJWT@2.10.1.

Related CVE - CVE-2026-32597
GHSA - GHSA-752w-5fwx-jx9f

Please upgrade it to at least 2.12.0

Related command

NA

Errors

NA

Issue script & Debug output

NA

Expected behavior

NA

Environment Summary

azure-cli 2.84.0 is affected along with previous versions.

Additional context

No response

Metadata

Metadata

Assignees

Labels

Azure CLI TeamThe command of the issue is owned by Azure CLI teamSecurity-Issuecustomer-reportedIssues that are reported by GitHub users external to the Azure organization.feature-request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions