CVE-2026-28490
Authlib (Python) RSA1_5 JWE handling is vulnerable to Bleichenbacher padding oracle attacks. The issue stems from a length check in RSAAlgorithm.unwrap() that raises a distinct exception when padding is invalid, destroying the cryptographic BLEichenbacher mitigation provided by cryptography v46.0...