CRITICAL🇵🇱 Wersja polska

CVE-2026-27962

CVSS 9.1v3.1pub. 2026-03-16upd. 2026-07-01

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic key embedded in the attacker-controlled JWT jwk header field. An attacker can sign a token with their own private key, embed the matching public key in the header, and have the server accept the forged token as cryptographically valid — bypassing authentication and authorization entirely. This issue has been patched in version 1.6.9.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Authlib

    APP
    Authlib
    < 1.6.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassDeserialization
CWE
References

Related vulnerabilities

CVE-2026-28498HIGH8.2ten sam produkt

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-l...

CVE-2026-28490HIGH8.3ten sam produkt

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptogra...

CVE-2026-28802HIGH7.7ten sam produkt

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before versio...

CVE-2025-61920HIGH7.5ten sam produkt

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s J...

CVE-2025-59420HIGH7.5ten sam produkt

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s J...