CVE-2026-41479

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

CVE-2026-41479 Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

CVE-2026-41479

Authlib’s OAuth 2.0 authorization endpoint is vulnerable to an unauthenticated open redirect when an unsupported response_type is requested and a attacker-controlled redirect_uri is supplied. This occurs before client lookup and any redirect_uri validation, allowing a single request to yield a 30...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41479 via authlib (>=0.10.0 <=1.6.1)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-41479 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

Open Redirect

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Open Redirect via the AuthorizationServer.getauthorizationgrant function in the OAuth 2.0 authorization endpoint. An attacker can redirect users to arbitrary external UR...

GHSA-W8P2-R796-3VMQ Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a...

CVE-2026-41479

creationtimestamp| type| source ---|---|--- 2026-06-08 07:25:27+00:00| published-proof-of-concept| https://github.com/authlib/authlib/security/advisories/GHSA-w8p2-r796-3vmq...

ROOT-APP-PYPI-CVE-2026-44681 CVE-2026-44681 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-44681 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-GHSA-JJ8C-MMJ3-MMGV GHSA-jj8c-mmj3-mmgv in rootio-Authlib - Patched by Root

Root has patched GHSA-jj8c-mmj3-mmgv in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-27962 CVE-2026-27962 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-27962 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28490 CVE-2026-28490 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28490 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28802 CVE-2026-28802 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28802 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28498 CVE-2026-28498 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28498 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.3 Vulnerability Details CVEID:CVE-2026-28498 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level...

PT-2026-47598

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.10 Authlib versions prior to 1.7.1 Description Authlib's OAuth 2.0 authorization endpoint is susceptible to an unauthenticated open redirect. This occurs when a request utilizes an unsupported response type and...

PT-2026-47585

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response type and supplies an attacker-controlled redirect uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As...

CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

ROOT-APP-PYPI-CVE-2025-59420 CVE-2025-59420 in rootio-Authlib - Patched by Root

Root has patched CVE-2025-59420 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2024-37568 CVE-2024-37568 in rootio-Authlib - Patched by Root

Root has patched CVE-2024-37568 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...