2 matches found
CVE-2026-28802
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...
agentstack-cli (>=0.4.0 <=0.6.2rc6), aieng-platform-onboard (>=0.5.0 <=0.6.1) +90 more potentially affected by CVE-2026-28802 via authlib (>=1.6.0 <=1.6.6)
authlib PYPI version =1.6.0, =0.4.0, =0.5.0, =0.9.5, =0.19.0, =0.38.0, =0.1.0, =0.1.0, =0.1.0, =1.7.0, =0.1.1rc22, =0.1.0, =0.1.0, =0.7.0, =0.2.19, =0.5.24 and more Source cves: CVE-2026-28802 Source advisory: SNYK:PYTHON-AUTHLIB-15425813...