CVE-2022-39227

CRITICAL

python-jwt < 3.3.4 - Authentication Bypass by Spoofing

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-39227. PoCs published by user0x1337, melikesraoz, NoSpaceAvailable.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2022-39227, which involves a JWT signature verification flaw in the python-jwt library versions < 3.3.4. The exploit allows an attacker to reuse a valid JWT signature with modified claims, effectively bypassing authentication.

Description

python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other users' identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.

Exploits (3)

nomisec WORKING POC 22 stars
by user0x1337 · poc
https://github.com/user0x1337/CVE-2022-39227

This repository contains a functional proof-of-concept exploit for CVE-2022-39227, which involves a JWT signature verification flaw in the python-jwt library versions < 3.3.4. The exploit allows an attacker to reuse a valid JWT signature with modified claims, effectively bypassing authentication.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: python-jwt < 3.3.4
Auth required
Prerequisites: A valid JWT token from the target application · Target application using python-jwt < 3.3.4
devstral-2 · analyzed Feb 19, 2026
nomisec WORKING POC
by melikesraoz · poc
https://github.com/melikesraoz/cve-2022-39227-jwt-auth-bypass-demo

This repository demonstrates CVE-2022-39227, a JWT authentication bypass vulnerability in python-jwt versions before 3.3.4. It includes a functional exploit that forges JWT claims without knowing the secret key, along with a vulnerable and patched version of the application for comparison.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: python-jwt < 3.3.4
Auth required
Prerequisites: Valid JWT token from a regular user · Access to the vulnerable application
devstral-2 · analyzed Apr 28, 2026
nomisec WORKING POC
by NoSpaceAvailable · poc
https://github.com/NoSpaceAvailable/CVE-2022-39227

This repository contains a functional proof-of-concept exploit for CVE-2022-39227, which exploits a flaw in the python-jwt library (< 3.3.4) allowing JWT signature reuse with modified claims. The PoC takes a valid JWT token and injects arbitrary claims while retaining the original signature.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: python-jwt < 3.3.4
Auth required
Prerequisites: A valid JWT token from the target application · Target application using python-jwt < 3.3.4
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 9.1
EPSS 0.6541
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-290
Status published
Products (2)
pypi/python-jwt 0 - 3.3.4 (PyPI)
python-jwt_project/python-jwt 3.0.0 - 3.3.4
Published Sep 23, 2022
Tracked Since Feb 18, 2026
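The Products section above gives the affected range as every python-jwt release below 3.3.4. The following is an added example, not code from this page or from any of the listed PoC repositories, showing how a defender can audit a pip-freeze style requirements list for that range. It assumes plain `name==version` pins and hand-rolls the version comparison so that it runs without third-party packages; the sample requirements are constructed for the demonstration and correspond to no real project.

```python
"""Added example (not part of the CVE-2022-39227 advisory page): flag pinned
python-jwt versions that fall inside the affected range stated on the page."""
import re
from typing import Iterable, List, Tuple

# Affected range per the page's Products section: every version below 3.3.4.
FIXED_VERSION = "3.3.4"
AFFECTED_PACKAGE = "python-jwt"


def normalize_name(name: str) -> str:
    """PEP 503 project-name normalization: case-fold and collapse runs of
    '-', '_' and '.' to a single '-', so python_jwt and Python-JWT both match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> tuple:
    """Turn a dotted version into a comparable tuple.

    Only plain release segments (e.g. '3.3.4') are parsed. Any segment carrying
    a non-numeric tag ('3.3.4rc1', '3.3.4.dev2', '3.3.4.post1') is marked as
    not-final and sorts just below the bare release it is attached to. That
    makes '3.3.4rc1' count as affected (correct) and '3.3.4.post1' count as
    affected too (a false positive, which is the conservative side for an audit).
    """
    release = []
    not_final = False
    for seg in version.split("."):
        m = re.match(r"(\d+)(.*)", seg)
        if not m:
            not_final = True
            break
        release.append(int(m.group(1)))
        if m.group(2):
            not_final = True
            break
    # Strip trailing zeros so that 3.3.4.0 compares equal to 3.3.4.
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    return tuple(release) + ((0,) if not_final else (1,))


def is_affected(version: str) -> bool:
    """True when the version lies below the fixed release 3.3.4."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def find_affected(requirements: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (name, version) for each python-jwt pin inside the affected range.

    Lines without an exact '==' pin are skipped; a range specifier cannot be
    judged without resolving it, so it should be resolved and re-checked.
    """
    hits = []
    for line in requirements:
        line = line.split("#", 1)[0].strip()  # drop inline comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)==([0-9][0-9A-Za-z.]*)$", line)
        if not m:
            continue
        name, version = m.groups()
        if normalize_name(name) == AFFECTED_PACKAGE and is_affected(version):
            hits.append((name, version))
    return hits


# Constructed sample input for the demonstration; not from any real project.
SAMPLE_REQUIREMENTS = [
    "flask==2.2.2",
    "python_jwt==3.3.3   # same package, underscore spelling",
    "python-jwt==3.3.4",
    "jwcrypto==1.4.2",
]

if __name__ == "__main__":
    for name, version in find_affected(SAMPLE_REQUIREMENTS):
        print(f"{name}=={version}: affected by CVE-2022-39227, "
              f"upgrade to {FIXED_VERSION} or later")
```

The name normalization matters in practice: a scanner that compares the raw string `python_jwt` against `python-jwt` misses the pin, and the page notes there is no workaround other than upgrading, so a missed pin is a missed fix.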