diff --git a/Gemfile b/Gemfile
index 37a7666602f2555beb3d4ff9d3e0e3d1b4fefae8..dd7c93c5a758ea9d2cf7b33f8e9f9bc1bf7b82c1 100644
--- a/Gemfile
+++ b/Gemfile
@@ -36,7 +36,7 @@ gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
 gem 'omniauth-authentiq',     '~> 0.2.0'
 gem 'rack-oauth2',            '~> 1.2.1'
-gem 'jwt'
+gem 'jwt',                    '~> 1.5.6'
 
 # Spam and anti-bot protection
 gem 'recaptcha', '~> 3.0', require: 'recaptcha/rails'
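Review bot: The new `~> 1.5.6` constraint on `jwt` has no comment saying why the gem is held to the 1.5 series, so a later reader cannot tell whether the pin guards against an incompatible release or is only housekeeping. The gem is listed with the omniauth and `rack-oauth2` entries, so it is presumably on the authentication path, and a pessimistic pin there means `bundle update` will not pick up a fix that ships only in a later minor or major release. I would add a line above it such as `# jwt held to 1.5.x, see issue 27488; lift once callers work with newer releases`, taking the number from the changelog filename and confirming it is the right reference. Separately, the Gemfile.lock section of this commit moves `BUNDLED WITH` from 1.13.7 to 1.14.2, which looks incidental to the pin and may be worth leaving out or calling out in the description.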
diff --git a/Gemfile.lock b/Gemfile.lock
index 671d7788a8647746817b1135b65658178a864bed..3b207d19d1ffd1b4c417a340be48e5542656ade3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -379,7 +379,7 @@ GEM
     json (1.8.3)
     json-schema (2.6.2)
       addressable (~> 2.3.8)
-    jwt (1.5.4)
+    jwt (1.5.6)
     kaminari (0.17.0)
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
@@ -912,7 +912,7 @@ DEPENDENCIES
   jquery-rails (~> 4.1.0)
   jquery-ui-rails (~> 5.0.0)
   json-schema (~> 2.6.2)
-  jwt
+  jwt (~> 1.5.6)
   kaminari (~> 0.17.0)
   knapsack (~> 1.11.0)
   kubeclient (~> 2.2.0)
@@ -1022,4 +1022,4 @@ DEPENDENCIES
   wikicloth (= 0.8.1)
 
 BUNDLED WITH
-   1.13.7
+   1.14.2
diff --git a/changelogs/unreleased/27488-fix-jwt-version.yml b/changelogs/unreleased/27488-fix-jwt-version.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5135ff0fd60a37259f3bf2864e5f036c43b10ee8
--- /dev/null
+++ b/changelogs/unreleased/27488-fix-jwt-version.yml
@@ -0,0 +1,4 @@
+---
+title: Update and pin the `jwt` gem to ~> 1.5.6
+merge_request:
+author: