Vulnerability in Authlib

CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encr…

EPSS: 0.000 (3.8th percentile)

Affected products

Weakness classification (CWE)

References