diff --git a/homeassistant/auth/jwt_wrapper.py b/homeassistant/auth/jwt_wrapper.py
index 3aa3ac63764e29..464df006f5f171 100644
--- a/homeassistant/auth/jwt_wrapper.py
+++ b/homeassistant/auth/jwt_wrapper.py
@@ -18,7 +18,7 @@ JWT_TOKEN_CACHE_SIZE = 16
 MAX_TOKEN_SIZE = 8192
-_VERIFY_KEYS = ("signature", "exp", "nbf", "iat", "aud", "iss")
+_VERIFY_KEYS = ("signature", "exp", "nbf", "iat", "aud", "iss", "sub", "jti")
 _VERIFY_OPTIONS: dict[str, Any] = {f"verify_{key}": True for key in _VERIFY_KEYS} | {
 "require": []
diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt
index 93cba1378d6f26..d2101b3af9b32e 100644
--- a/homeassistant/package_constraints.txt
+++ b/homeassistant/package_constraints.txt
@@ -47,7 +47,7 @@ paho-mqtt==1.6.1
 Pillow==11.0.0
 propcache==0.2.0
 psutil-home-assistant==0.0.1
-PyJWT==2.9.0
+PyJWT==2.10.0
 pymicro-vad==1.0.1
 PyNaCl==1.5.0
 pyOpenSSL==24.2.1
diff --git a/pyproject.toml b/pyproject.toml
index 40a31e52aec9a0..7eb0a815506a13 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -53,7 +53,7 @@ dependencies = [
 "ifaddr==0.2.0",
 "Jinja2==3.1.4",
 "lru-dict==1.3.0",
- "PyJWT==2.9.0",
+ "PyJWT==2.10.0",
 # PyJWT has loose dependency. We want the latest one.
 "cryptography==43.0.1",
 "Pillow==11.0.0",
diff --git a/requirements.txt b/requirements.txt
index 2aac427eec187d..4a9246bf37239a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -25,7 +25,7 @@ home-assistant-bluetooth==1.13.0
 ifaddr==0.2.0
 Jinja2==3.1.4
 lru-dict==1.3.0
-PyJWT==2.9.0
+PyJWT==2.10.0
 cryptography==43.0.1
 Pillow==11.0.0
 propcache==0.2.0
diff --git a/tests/auth/test_jwt_wrapper.py b/tests/auth/test_jwt_wrapper.py
index 297d4dd5d7fcb3..f9295a7791ce61 100644
--- a/tests/auth/test_jwt_wrapper.py
+++ b/tests/auth/test_jwt_wrapper.py
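Review bot: In homeassistant/auth/jwt_wrapper.py, `_VERIFY_KEYS` remains a hand-maintained copy of the verify options PyJWT knows about, and the changed line has no comment saying why `sub` and `jti` were appended or that the tuple has to track the library. A one-line comment above it would document the coupling, for example `# One entry per verify_* option PyJWT validates; extend when PyJWT adds a new one.` Because `_VERIFY_OPTIONS` keeps `"require": []`, the two new checks presumably run only on tokens that actually carry `sub` or `jti`; it is worth confirming that no long-lived token already issued carries a value the new validation would reject. The `_VERIFY_OPTIONS` dict literal continues past the end of the hunk.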
@@ -6,6 +6,12 @@ from homeassistant.auth import jwt_wrapper
+async def test_all_default_options_are_in_verify_options() -> None:
+ """Test that all default options in _VERIFY_OPTIONS."""
+ for option in jwt_wrapper._PyJWTWithVerify._get_default_options():
+ assert option in jwt_wrapper._VERIFY_OPTIONS
+
+
 async def test_reject_access_token_with_impossible_large_size() -> None:
 """Test rejecting access tokens with impossible sizes."""
 with pytest.raises(jwt.DecodeError):
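Review bot: The new test only asserts that each default option name is a key of `_VERIFY_OPTIONS`, so a `verify_*` entry that is present but set to `False` would still pass, and that is the failure mode that matters for token validation. Adding `if option.startswith("verify_"): assert jwt_wrapper._VERIFY_OPTIONS[option] is True` after the membership assert would pin the security-relevant part. The test also depends on the private `_get_default_options()` and is declared `async` although it awaits nothing; the docstring would read better as `"""Test that all default options are in _VERIFY_OPTIONS."""`. The following `test_reject_access_token_with_impossible_large_size` continues outside the hunk.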