Open Redirect

Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Open Redirect via the AuthorizationServer.getauthorizationgrant function in the OAuth 2.0 authorization endpoint. An attacker can redirect users to arbitrary external UR...

GHSA-W8P2-R796-3VMQ Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported responsetype and supplies an attacker-controlled redirecturi. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a...

aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +232 more potentially affected by CVE-2026-41479 via authlib (>=0.10.0 <=1.6.1)

authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.1 and more Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

apheris-auth (=0.23.0), apheris-cli (>=0.51.0 <=0.52.0) +1 more potentially affected by CVE-2026-41479 via authlib (=1.7.0)

authlib PYPI version =1.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on authlib and may be impacted: - apheris-auth =0.23.0 - apheris-cli =0.51.0, =1.3.0, =1.3.0b4 Source cves: CVE-2026-41479 Source advisory: OSV:GHSA-W8P2-R796-3VMQ...

CVE-2026-41479

creationtimestamp| type| source ---|---|--- 2026-06-08 07:25:27+00:00| published-proof-of-concept| https://github.com/authlib/authlib/security/advisories/GHSA-w8p2-r796-3vmq...

ROOT-APP-PYPI-CVE-2026-44681 CVE-2026-44681 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-44681 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-GHSA-JJ8C-MMJ3-MMGV GHSA-jj8c-mmj3-mmgv in rootio-Authlib - Patched by Root

Root has patched GHSA-jj8c-mmj3-mmgv in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-27962 CVE-2026-27962 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-27962 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28490 CVE-2026-28490 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28490 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28498 CVE-2026-28498 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28498 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2026-28802 CVE-2026-28802 in rootio-Authlib - Patched by Root

Root has patched CVE-2026-28802 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.3 Vulnerability Details CVEID:CVE-2026-28498 DESCRIPTION: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level...

PT-2026-47598

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response type and supplies an attacker-controlled redirect uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As...

PT-2026-47585

Summary Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response type and supplies an attacker-controlled redirect uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As...

CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...

ROOT-APP-PYPI-CVE-2025-59420 CVE-2025-59420 in rootio-Authlib - Patched by Root

Root has patched CVE-2025-59420 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

ROOT-APP-PYPI-CVE-2024-37568 CVE-2024-37568 in rootio-Authlib - Patched by Root

Root has patched CVE-2024-37568 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...

Linux Distros Unpatched Vulnerability : CVE-2026-44681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's...

python311-Authlib-1.7.2-1.1 on GA media (moderate)

python311-Authlib-1.7.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10883-1 Rating: moderate Cross-References: CVE-2026-44681 CVSS scores: CVE-2026-44681 SUSE : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...

SUSE CVE-2026-44681

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authorization endpoint lets a remote attacker cause the authorization server to issue an HTTP 302 to an...