PyJWT algorithm allow-list bypass with PyJWK keys
What changed
PyJWT 2.9.0 through 2.12.1 allows a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature verification uses the algorithm bound to the PyJWK object instead of the header algorithm.
Who it affects
Applications using PyJWT with PyJWK keys, including those using PyJWKClient.get_signing_key_from_jwt(), in deployments where algorithm policy acts as an authentication/authorization boundary (e.g., self-service OAuth client assertions, multi-tenant key registration, federation/BYO-JWKS trust models).
What to do today
Upgrade to a patched version if available, or avoid using PyJWK keys with algorithm allow-lists; alternatively, verify signatures manually using the header algorithm.
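As an added example (not PyJWT's own code), a standard-library-only pre-check that performs the comparison the affected versions skip before a token is handed to jwt.decode(): the header alg must be in the caller's allow-list and must equal the algorithm the selected key is bound to (what a PyJWK exposes as algorithm_name). It assumes keys are selected by kid from a JWKS whose entries carry an alg field; the JWKS and tokens below are constructed samples, not real key material.

```python
import base64
import json

# Constructed sample JWKS (not real key material). Each entry is bound to one
# algorithm, exactly as a PyJWK object is; only fields the check uses are present.
SAMPLE_JWKS = {"keys": [
    {"kid": "rsa-1", "kty": "RSA", "alg": "RS256", "use": "sig"},
    {"kid": "ec-1", "kty": "EC", "alg": "ES256", "use": "sig"},
]}

def _b64url_decode_json(segment: str) -> dict:
    # Decode one base64url JWT segment (padding restored) into a JSON object.
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT segment is not a JSON object")
    return obj

def _b64url_encode_json(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def select_key_for_token(token: str, jwks: dict, allowed_algs: list) -> dict:
    """Return the JWK matching the token's kid only if the header alg is both in
    the caller's allow-list and the algorithm that key is bound to."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    header = _b64url_decode_json(parts[0])
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in allowed_algs:
        raise ValueError(f"header alg {alg!r} is not in the allow-list")
    kid = header.get("kid")
    key = next((k for k in jwks["keys"] if k.get("kid") == kid), None)
    if key is None:
        raise ValueError(f"no signing key with kid {kid!r}")
    # The comparison the affected PyJWT versions skip: the header alg must equal
    # the key's bound algorithm (PyJWK.algorithm_name) before any verification.
    if key.get("alg") != alg:
        raise ValueError(f"header alg {alg!r} != key alg {key.get('alg')!r}")
    return key

def header_alg_is_consistent(token: str, jwks: dict, allowed_algs: list) -> bool:
    try:
        select_key_for_token(token, jwks, allowed_algs)
        return True
    except ValueError:
        return False

def make_test_token(header: dict) -> str:
    # Constructed token: placeholder payload and a deliberately invalid signature.
    return ".".join([_b64url_encode_json(header), _b64url_encode_json({"sub": "alice"}), "sig"])
```

Only after select_key_for_token() returns should the key be passed to jwt.decode() with algorithms=[header alg], so the allow-list and the verifying algorithm can no longer diverge.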