17 matches found

Debian
added last week, 5 views

[SECURITY] [DLA 4605-1] python-flask-httpauth security update

Debian LTS Advisory DLA-4605-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 28, 2026 https://wiki.debian.org/LTS Package : python-flask-httpauth Version : 3.2.4-3.1+deb11u1 CVE ID : CVE-2026-34531 Debian Bug : 1132581 A vulnerability was found in...

CVSS 8.2, AI score 5.9, EPSS 0.00024
Exploits: 0
Tenable Nessus
added 2026/05/28 12:0 a.m., 6 views

Debian dla-4605 : python-flask-httpauth-doc - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4605 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4605-1 [email protected] https://www.debian.org/lts/security/...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 4
IBM Security Bulletins
added 2026/04/27 7:44 a.m., 6 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses lodash-4.17.21.tgz, tomcat-embed-core-10.1.49.jar, Markdown-3.7-py3-none-any.whl, spring-webmvc-6.2.14.jar, torch-2.10.0-cp311-cp311-manylinux228x8664.whl, and FlaskHTTPAuth-4.8.0-py3-none-any.whl, which are vulnerable to CVE-2025-13465, CVE-2025-66614,...

CVSS 9.1, AI score 7, EPSS 0.00163
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2026/04/27 12:0 a.m., 2 views

Fedora 44 : python-flask-httpauth (2026-fd53570465)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-fd53570465 advisory. Update to version 4.8.1 2454342 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 2
OpenVAS
added 2026/04/16 12:0 a.m., 10 views

Fedora: Security Advisory (FEDORA-2026-04d6f223e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 3
OSV
added 2026/04/13 8:30 a.m., 1 view

OPENSUSE-SU-2026:20576-1 Security update for python-Flask-HTTPAuth

This update for python-Flask-HTTPAuth fixes the following issues: Changes in python-Flask-HTTPAuth: - CVE-2026-34531: Do not accept empty tokens bsc1261355...

CVSS 8.2, AI score 5.7, EPSS 0.00024
Exploits: 0, References: 2
OPENSUSE Linux
added 2026/04/12 12:0 a.m., 1 view

Security update for python-Flask-HTTPAuth (moderate)

openSUSE Security Update: Security update for python-Flask-HTTPAuth Announcement ID: openSUSE-SU-2026:0121-1 Rating: moderate References: 1261355 Cross-References: CVE-2026-34531 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description:...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 1
OPENSUSE Linux
added 2026/04/12 12:0 a.m., 2 views

Security update for python-Flask-HTTPAuth (moderate)

openSUSE Security Update: Security update for python-Flask-HTTPAuth Announcement ID: openSUSE-SU-2026:0122-1 Rating: moderate References: 1261355 Cross-References: CVE-2026-34531 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 1
OSV
added 2026/04/09 12:0 a.m., 1 view

OPENSUSE-SU-2026:10518-1 python311-Flask-HTTPAuth-4.8.1-1.1 on GA media

These are all security issues fixed in the python311-Flask-HTTPAuth-4.8.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 1
Tenable Nessus
added 2026/04/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to...

CVSS 8.2, AI score 6, EPSS 0.00024
Exploits: 0, References: 3
UbuntuCve
added 2026/04/01 9:17 p.m., 1 view

CVE-2026-34531

Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...

CVSS 8.2, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 4
vulnersOsv
added 2026/03/31 11:48 p.m., 4 views

airduct (>=0.1.13 <=0.1.22), aprsd (>=1.6.0 <=3.4.4) +42 more potentially affected by CVE-2026-34531 via flask-httpauth (>=2.5.0 <=4.8.0)

flask-httpauth PYPI version =2.5.0, =0.1.13, =1.6.0, =1.0.5, =0.0.5, =0.5.0, =4.2.6, =1.0.0, =0.0.28, =0.0.0rc24, =1.0.2, =0.2.2, =3.2.0.0, =2.0.0, =0.1.8.1, =2.2.1 and more Source cves: CVE-2026-34531 Source advisory: OSV:GHSA-P44Q-VQPR-4XMG...

CVSS 8.2, AI score 6, EPSS 0.00024
Exploits: 0
OSV
added 2026/03/31 11:48 p.m., 3 views

GHSA-P44Q-VQPR-4XMG Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

Summary In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any...

CVSS 6.5, AI score 5.9, EPSS 0.00024
Exploits: 0, References: 6
vulnersOsv
added 2026/03/31 11:48 p.m., 0 views

aprsd (>=1.6.0 <=3.4.4), aprsd-slack-plugin (>=1.0.5 <=1.2.0) +31 more potentially affected by CVE-2026-34531 via flask-httpauth (>=4.1.0 <=4.8.0)

flask-httpauth PYPI version =4.1.0, =1.6.0, =1.0.5, =0.5.0, =0.0.28, =0.0.0rc24, =1.0.2, =0.2.2, =3.2.0.0, =2.0.0, =0.1.8.1, =0.1.0.post3, =0.2.2, =0.1.1, =1.0.2, =1.3.1 and more Source cves: CVE-2026-34531 Source advisory: SNYK:PYTHON-FLASKHTTPAUTH-15922817...

CVSS 8.2, AI score 6, EPSS 0.00024
Exploits: 0
Github Security Blog
added 2026/03/31 11:48 p.m., 5 views

Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

Summary In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any...

CVSS 8.2, AI score 5.9, EPSS 0.00024
Exploits: 0, References: 6, Affected Software: 1
Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29428

Name of the Vulnerable Software and Affected Versions Flask-HTTPAuth versions prior to 4.8.1 Description Flask-HTTPAuth, when used with token authentication, could potentially authenticate client requests against any user in the database with an empty string set as their token if the client reque...

CVSS 6.5, AI score 5.9, EPSS 0.00024
Exploits: 0, References: 9
GitLab Advisory Database
added 2026/03/31 12:0 a.m., 5 views

Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client

In a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in...

CVSS 8.2, AI score 5.9, EPSS 0.00024
Exploits: 0, References: 6, Affected Software: 1