Openidc Liboauth2
2 CVEs affecting Openidc Liboauth2. Latest disclosed: 2026-07-02. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-54431 | | 2026-07-02 | In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 sect… | |
CVE-2026-54430 | | 2026-07-02 | liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the… |