Steveiliop56 Tinyauth
3 CVEs affecting Steveiliop56 Tinyauth. Latest disclosed: 2026-04-02. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-32246 | High | 8.5 | 2026-03-12 | Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password veri… |
CVE-2026-33544 | High | 7.7 | 2026-04-02 | Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations (GenericOAuthService, GithubOAuthServic… |
CVE-2026-32245 | Medium | 6.5 | 2026-03-12 | Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC token endpoint does not verify that the client exchanging an authorization cod… |