Vulnerability in Team-alembic Ash_authentication

CVE-2026-49757

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email addres…

Affected products

Team-alembic Ash_authentication — versions 0.1.0, 5.0.0-rc.0, c5f589058e04239263f50a1430eb17ea6d5dd1a2

Weakness classification (CWE)

CWE-290 — Authentication Bypass by Spoofing

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)