PT-2026-25790
Authlib. Affected Versions: Authlib versions prior to 1.6.9. Description: Authlib, a Python library for building OAuth and OpenID Connect (OIDC) servers, contains a flaw in its OIDC ID Token validation logic. The internal hash verification function verify hash exhibits a fail-open behavio...
Privilege Escalation
authlib is vulnerable to Privilege Escalation. The vulnerability is due to accepting tokens with unknown crit headers, where Authlib violates RFC 7515 rules, allowing attackers to craft signed tokens that bypass strict verifiers and potentially enable policy bypass or privilege escalation...
Denial Of Service (DoS)
authlib is vulnerable to Denial Of Service. The vulnerability is due to unbounded DEFLATE decompression in the JWE zip=DEF processing path, where a very small ciphertext can expand into extremely large plaintext during token decryption, and attackers can exploit this by supplying decryptable toke...
Denial Of Service (DoS)
Authlib is vulnerable to Denial-Of-Service via Oversized JWS/JWT. The vulnerability is due to Authlib accepting base64url-encoded header or signature inputs of unbounded size, allowing attackers to send tokens with huge encoded header/signature fields that exhaust CPU and memory during verificati...
openSUSE Security Advisory (SUSE-SU-2025:3842-1)
The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders. SPDX-License-Identifier: GPL-2.0-only.)
Debian: Security Advisory (DLA-4352-1)
The remote host is missing an update for the Debian ...
DLA-4352-1 python-authlib - security update
Bulletin has no description...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2025:3842-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3842-1 advisory. - CVE-2025-62706: fixed a denial of service condition bsc1252504, ghauthlib/authlib@e0863d512931 Tenable...
Security update for python-Authlib
This update for python-Authlib fixes the following issues: CVE-2025-62706: fixed a denial of service condition bsc1252504, ghauthlib/authlib@e0863d512931 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:3842-1 Security update for python-Authlib
This update for python-Authlib fixes the following issues: - CVE-2025-62706: fixed a denial of service condition bsc1252504, ghauthlib/authlib@e0863d512931...
Linux Distros Unpatched Vulnerability : CVE-2025-62706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE...
openSUSE Security Advisory (SUSE-SU-2025:3754-1)
The remote host is missing an update for the ...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Authlib (SUSE-SU-2025:3754-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:3754-1 advisory. - CVE-2025-61920: limited the size of the header to prevent DoS bsc1251921. Tenable has extracted the...
SUSE CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
Security update for python-Authlib
This update for python-Authlib fixes the following issues: CVE-2025-61920: limited the size of the header to prevent DoS bsc1251921. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...
DEBIAN-CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
UBUNTU-CVE-2025-62706
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...
EUVD-2025-33799
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...