Lucene search
K

339 matches found

OSV
OSV
added 4 days ago5 views

PYSEC-2026-287 Authlib JWS JWK Header Injection: Signature Verification Bypass

Description Summary A JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic...

9.1CVSS7.4AI score0.00548EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-41479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned...

5.4CVSS5.9AI score0.0016EPSS
Exploits1References3
NVD
NVD
added 2026/06/22 9:16 p.m.10 views

CVE-2026-41479

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

5.4CVSS0.0016EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 8:35 p.m.26 views

CVE-2026-41479

Authlib’s OAuth 2.0 authorization endpoint is vulnerable to an unauthenticated open redirect when an unsupported response_type is requested and a attacker-controlled redirect_uri is supplied. This occurs before client lookup and any redirect_uri validation, allowing a single request to yield a 30...

5.4CVSS6AI score0.0016EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:35 p.m.24 views

CVE-2026-41479 Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The...

5.4CVSS0.0016EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/06/08 5:52 p.m.7 views

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-41479 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

5.4CVSS5.5AI score0.0016EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/06/08 5:52 p.m.6 views

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +231 more potentially affected by CVE-2026-41479 via authlib (>=0.10.0 <=1.6.1)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

5.4CVSS5.7AI score0.0016EPSS
Exploits1
OSV
OSV
added 2026/06/08 5:52 p.m.10 views

GHSA-W8P2-R796-3VMQ Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a...

5.4CVSS5.6AI score0.0016EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/08 5:52 p.m.6 views

Open Redirect

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Open Redirect via the AuthorizationServer.getauthorizationgrant function in the OAuth 2.0 authorization endpoint. An attacker can redirect users to arbitrary external UR...

8.2CVSS5.6AI score0.0016EPSS
Exploits1References2
Circl
Circl
added 2026/06/08 7:25 a.m.12 views

CVE-2026-41479

creationtimestamp| type| source ---|---|--- 2026-06-08 07:25:27+00:00| published-proof-of-concept| https://github.com/authlib/authlib/security/advisories/GHSA-w8p2-r796-3vmq...

5.4CVSS5.4AI score0.0016EPSS
Exploits1References1
OSV
OSV
added 2026/06/08 7:24 a.m.6 views

ROOT-APP-PYPI-CVE-2026-44681 CVE-2026-44681 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-44681 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

6.1CVSS5.4AI score0.00203EPSS
Exploits1
OSV
OSV
added 2026/06/08 7:22 a.m.5 views

ROOT-APP-PYPI-CVE-2026-28490 CVE-2026-28490 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28490 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.9AI score0.00142EPSS
Exploits1
OSV
OSV
added 2026/06/08 7:22 a.m.4 views

ROOT-APP-PYPI-CVE-2026-28802 CVE-2026-28802 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28802 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

9.8CVSS5.9AI score0.00425EPSS
Exploits1
OSV
OSV
added 2026/06/08 7:22 a.m.4 views

ROOT-APP-PYPI-CVE-2026-28498 CVE-2026-28498 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28498 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.9AI score0.00226EPSS
Exploits1
OSV
OSV
added 2026/06/08 7:22 a.m.6 views

ROOT-APP-PYPI-CVE-2026-27962 CVE-2026-27962 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-27962 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

9.1CVSS5.9AI score0.00548EPSS
Exploits1
OSV
OSV
added 2026/06/08 7:22 a.m.5 views

ROOT-APP-PYPI-GHSA-JJ8C-MMJ3-MMGV GHSA-jj8c-mmj3-mmgv in rootio-Authlib - Patched by Root

Root has patched GHSA-jj8c-mmj3-mmgv in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

5.4CVSS5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/08 7:11 a.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.3 Vulnerability Details CVEID:CVE-2026-28498 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level...

9.1CVSS6.8AI score0.00731EPSS
Exploits5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47598

Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.10 Authlib versions prior to 1.7.1 Description Authlib's OAuth 2.0 authorization endpoint is susceptible to an unauthenticated open redirect. This occurs when a request utilizes an unsupported response type and...

5.4CVSS6AI score0.0016EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47585

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response type and supplies an attacker-controlled redirect uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As...

5.4CVSS5.6AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.15 views

CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

6.1CVSS5.5AI score0.00203EPSS
Exploits1References1
Rows per page
Query Builder