10 matches found
CVE-2026-41425
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker could exploit a missing Cross-Site Request Forgery CSRF protection on the cache feature within authlib.integrations.starletteclient.OAuth. This vulnerability allows an attacker to trick ...
CVE-2026-41425
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
PYSEC-2026-25
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
PYSEC-2026-25
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
DEBIAN-CVE-2026-41425
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
CVE-2026-41425
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
CVE-2026-41425 Authlib: Cross-site request forging when using cache
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
CVE-2026-41425
Authlib (Python) Authlib.integrations.starlette_client.OAuth cache feature is vulnerable prior to version 1.6.11 due to missing CSRF protection. The vulnerability affects the cache path of the OAuth implementation, enabling cross-site request forgery under the described conditions. The issue is f...
CVE-2026-41425
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...
Authlib: Cross-site request forging when using cache
Summary There is no CSRF protection on the cache feature on most integrations clients. Details In authlib.integrations.starletteclient.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...