CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

UBUNTU-CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158 Authlib: 1-click Account Takeover

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158 Authlib: 1-click Account Takeover

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

CVE-2025-68158

Authlib’s OAuth/OpenID Connect implementation is affected in versions

CVE-2025-68158 Authlib: 1-click Account Takeover

Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state easily obtainable via an attacker-initiated...

Linux Distros Unpatched Vulnerability : CVE-2025-68158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. In versions 1.0.0 through 1.6.5, cache-backed state/request-token storage is not tied...

Authlib 安全漏洞

Authlib is the ultimate Python library for building OAuth and OpenID Connect servers open-sourced by Authlib. Authlib 1.6.5 and earlier versions have a security vulnerability that stems from a cache-supported state store that is not bound to the originating user session, which could lead to a CSR...

PT-2026-25780

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.9 Description Authlib, a Python library for building OAuth and OpenID Connect servers, contains a cryptographic padding oracle vulnerability in the implementation of the JSON Web Encryption JWE RSA1 5 key manageme...

PT-2026-25779

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.9 Description Authlib is a Python library used for building OAuth and OpenID Connect servers. A JWK Header Injection flaw exists in the library's JWS implementation, allowing an unauthenticated attacker to forge...

PT-2026-25790

Authlib and Affected Versions Authlib versions prior to 1.6.9 Description Authlib, a Python library for building OAuth and OpenID Connect servers, contains a flaw in its OpenID Connect OIDC ID Token validation logic. The internal hash verification function verify hash exhibits a fail-open behavio...

Privilege Escalation

authlib is vulnerable to Privilege Escalation. The vulnerability is due to accepting tokens with unknown crit headers, where Authlib violates RFC 7515 rules, allowing attackers to craft signed tokens that bypass strict verifiers and potentially enable policy bypass or privilege escalation...

Denial Of Service (DoS)

authlib is vulnerable to Denial Of Service. The vulnerability is due to unbounded DEFLATE decompression in the JWE zip=DEF processing path, where a very small ciphertext can expand into extremely large plaintext during token decryption, and attackers can exploit this by supplying decryptable toke...

Denial Of Service (DoS)

Authlib is vulnerable to Denial-Of-Service via Oversized JWS/JWT. The vulnerability is due to Authlib accepting base64url-encoded header or signature inputs of unbounded size, allowing attackers to send tokens with huge encoded header/signature fields that exhaust CPU and memory during verificati...

openSUSE Security Advisory (SUSE-SU-2025:3842-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-4352-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-4352-1 python-authlib - security update

Bulletin has no description...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2025:3842-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3842-1 advisory. - CVE-2025-62706: fixed a denial of service condition bsc1252504, ghauthlib/authlib@e0863d512931 Tenable...