295 matches found
GHSA-CH86-PXR9-J9H9 Duplicate Advisory: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9jpj-g8vv-j5mf. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it...
EUVD-2026-18849
OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...
CVE-2026-34511 OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter
OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it through the redirect URL. Attackers who capture the redirect URL can obtain both the authorization code and PKCE verifier, defeating PKCE protection and enabling token redemption...
CVE-2026-34083
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectU...
CVE-2026-34083
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirecturi. Because the redirectU...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Update
New Red Hat build of Keycloak 26.4.11 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.11 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
CVE-2026-4282
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...
Signal K Server 安全漏洞
The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 2.24.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of unvalidated Host headers in constructing redirect URIs, which could lead to the thef...
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
Summary While testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHu...
GHSA-RWW4-4W9C-7733 FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
Summary While testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHu...
Unintended Proxy or Intermediary ('Confused Deputy')
Overview fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' in the OAuthProxy.handleidpcallback function. An attacker can gain unauthorized access to resources associated with...
PT-2026-29421
Summary While testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHu...
CVE-2026-33757 OpenBao lacks user confirmation for OIDC direct callback mode
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishin...
OpenBao lacks user confirmation for OIDC direct callback mode
Impact OpenBao does not prompt for user confirmation when logging in via JWT/OIDC and a role with callbackmode set to direct. This allows an attacker to start an authentication request and perform "remote phishing" by having the victim visit the URL and automatically log-in to the session of the...
CVE-2026-32245
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...
SUSE CVE-2026-32245
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...
CVE-2026-28498 Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect OIDC ID Tokens. Specifically, the internal hash verification logic verifyhash...
CVE-2026-32245
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...
CVE-2026-32245
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...
CVE-2026-32245 Tinyauth's OIDC authorization codes are not bound to client on token exchange
Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization code is the same client the code was issued to. A malicious OIDC client operator can exchange another client's authorization code using their...