Lucene search
40 matches found

Positive Technologies
added 2026/06/12 12:00 a.m., 11 views

PT-2026-48827

Name of the Vulnerable Software and Affected Versions: Okta (affected versions not specified). Description: Improper state verification in the OAuth implementation allows an attacker to manipulate the authentication flow. This can lead to a victim's account being linked to an account controlled by the...

CVSS 8 | AI score 7.2 | EPSS 0.0012 | Exploits 0 | References 4
Snyk
added 2026/06/09 9:21 p.m., 5 views

Open Redirect

Overview: oauth is a Ruby gem that implements both OAuth clients and servers in Ruby applications. Affected versions of this package are vulnerable to Open Redirect via the tokenrequest function in the token endpoint redirect handling. An attacker can obtain sensitive OAuth request metadata, such ...

CVSS 8.2 | AI score 5.5 | Exploits 0 | References 2
Github Security Blog
added 2026/06/08 5:52 p.m., 11 views

Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type

Summary: Authlib's OAuth 2.0 authorization endpoint can be turned into an unauthenticated open redirect when a request uses an unsupported response_type and supplies an attacker-controlled redirect_uri. The vulnerable behavior happens before client lookup and before any redirect URI validation. As a...

CVSS 5.4 | AI score 5.6 | EPSS 0.00155 | Exploits 0 | References 3 | Affected Software 1
Packet Storm News
added 2026/05/21 12:00 a.m., 8 views

A First Measurement Study on Authentication Security in Real-World Remote MCP Servers

The Model Context Protocol (MCP) is emerging as a common interface connecting large language models (LLMs) with external services. Remote deployments are becoming increasingly important as agents connect to user-linked online services, such as social, productivity, and financial services. In such...

AI score 5.8 | Exploits 0
Github Security Blog
added 2026/04/16 10:38 p.m., 8 views

Authlib: Cross-site request forging when using cache

Summary: There is no CSRF protection on the cache feature on most integration clients. Details: In authlib.integrations.starlette_client.OAuth, no CSRF protection is set up when using the cache parameter. When not using the cache parameter, the use of SessionMiddleware ties the client to the auth...

CVSS 5.4 | AI score 5.8 | EPSS 0.00106 | Exploits 1 | References 4 | Affected Software 1
Circl
added 2026/04/16 11:06 a.m., 4 views

CVE-2026-40575

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-16 11:06:42+00:00 | seen | https://ccb.belgium.be/advisories/warning-critical-authentication-bypass-oauth2-can-lead-unauthorized-data-access-patch |
| 2026-04-22 01:19:23+00:00 | seen | Telegram/LUR06ONloRlViUIW27ojzHZG9BE33b4Dag-8VffcgXgN8 |
| 2026-04-22... | | |

CVSS 9.1 | AI score 4.8 | EPSS 0.00422 | Exploits 0 | References 5
Snyk
added 2026/04/01 11:36 p.m., 3 views

Use of GET Request Method With Sensitive Query Strings

Overview: Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings in the OAuth provider callback flow. An attacker can gain unauthorized access to sensitive information by intercepting refresh tokens exposed in URL query parameters through browser...

CVSS 7.5 | AI score 5.8 | EPSS 0.00267 | Exploits 1 | References 2
Positive Technologies
added 2026/03/20 12:00 a.m., 3 views

PT-2026-26609

Name of the Vulnerable Software and Affected Versions: versions prior to 2026-31381. Description: An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL. The vulnerability involves the exposure of Personally Identifiable...

CVSS 6.1 | AI score 6 | EPSS 0.00303 | Exploits 1 | References 8
UbuntuCve
added 2026/03/16 6:16 p.m., 2 views

CVE-2026-27962

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any...

CVSS 9.1 | AI score 7.1 | EPSS 0.0041 | Exploits 1 | References 2
EUVD
added 2026/03/16 3:14 p.m., 3 views

EUVD-2025-208759

FastMCP OAuth Proxy token reuse across MCP servers...

CVSS 7.4 | AI score 5.8 | EPSS 0.00278 | Exploits 1 | References 1
CVE
added 2026/03/13 7:44 p.m., 9 views

CVE-2026-31944

LibreChat’s breach involves the MCP OAuth callback endpoint incorrectly accepting redirects without verifying the user session or initiator. From versions 0.8.2 through 0.8.2-rc3, an attacker can lure a victim to complete the OAuth flow, causing the victim’s OAuth tokens to be stored on the attac...

CVSS 7.6 | AI score 5.8 | EPSS 0.00244 | Exploits 1 | References 1 | Affected Software 1
Positive Technologies
added 2026/03/12 12:00 a.m., 4 views

PT-2026-25054

Impact: Parse Server's built-in OAuth2 auth adapter exports a singleton instance that is reused directly across all OAuth2 provider configurations. Under concurrent authentication requests for different OAuth2 providers, one provider's token validation may execute using another provider's...

CVSS 9.1 | AI score 5.8 | EPSS 0.00261 | Exploits 0 | References 13
NVD
added 2026/03/05 10:16 p.m., 7 views

CVE-2026-28477

OpenClaw versions prior to 2026.2.14 contain an OAuth state validation bypass vulnerability in the manual Chutes login flow that allows attackers to bypass CSRF protection. An attacker can convince a user to paste attacker-controlled OAuth callback data, enabling credential substitution and token...

CVSS 7.1 | EPSS 0.00133 | Exploits 0 | References 3
Microsoft Secure
added 2026/03/02 7:29 p.m., 8 views

OAuth redirection abuse enables phishing and malware delivery

Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without...

AI score 6.2 | Exploits 0
Positive Technologies
added 2026/02/18 12:00 a.m., 5 views

PT-2026-23552

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: The manual Chutes OAuth login flow in OpenClaw is susceptible to a bypass of OAuth CSRF state validation. This allows an attacker to bypass CSRF protection by convincing a user to paste...

CVSS 7.1 | AI score 5.8 | EPSS 0.00133 | Exploits 0 | References 8
OSV
added 2026/02/17 6:09 p.m., 2 views

GO-2026-4463 Mattermost Server uses weak hashing for OAuth, email verification tokens and invitations in github.com/mattermost/mattermost-server

Mattermost Server uses weak hashing for OAuth, email verification tokens and invitations in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVSS 7.5 | AI score 5.6 | EPSS 0.00717 | Exploits 0 | References 5
CNNVD
added 2026/01/26 12:00 a.m., 6 views

sigstore-python Cross-Site Request Forgery Vulnerability

sigstore-python is an open-source tool developed by sigstore for generating and verifying Sigstore signatures in Python. Versions of sigstore-python prior to 4.2.0 contained a cross-site request forgery vulnerability. This vulnerability stemmed from the OAuth authentication process’s...

CVSS 5 | AI score 5.7 | EPSS 0.00158 | Exploits 0 | References 4
Positive Technologies
added 2025/12/12 12:00 a.m., 3 views

PT-2025-50819

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtool login google function. This makes it...

CVSS 4.3 | AI score 5.2 | EPSS 0.00145 | Exploits 0 | References 5
CVE
added 2025/11/27 3:55 p.m., 124 views

CVE-2025-12419

Mattermost contains an OAuth/OpenID Connect validation flaw where OAuth state tokens are not properly validated during authentication, enabling an authenticated attacker with team-creation privileges to take over a user account by manipulating data in the OAuth completion flow. The issue affects ...

CVSS 9.9 | AI score 6.4 | EPSS 0.00304 | Exploits 0 | References 1 | Affected Software 1
CVE
added 2025/11/19 5:03 p.m., 11 views

CVE-2025-64521

CVE-2025-64521 affects authentik, an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, authenticating to an OAuth provider with client_id/client_secret could create a service account for the provider, and that account could be used even if deactivated. The issue was fixed i...

CVSS 4.8 | AI score 6.5 | EPSS 0.00193 | Exploits 0 | References 2 | Affected Software 1