Openidc Liboauth2

2 CVEs affecting Openidc Liboauth2. Latest disclosed: 2026-07-02. Critical: 0, High: 0.

Top CVEs affecting Openidc Liboauth2
CVESeverityScorePublishedSummary
CVE-2026-544312026-07-02In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 sect…
CVE-2026-544302026-07-02liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the…